From f12e402c78e174f092638c5270a731bfbb0f49d4 Mon Sep 17 00:00:00 2001
From: Marco
Date: Fri, 18 Feb 2022 18:34:33 +0100
Subject: [PATCH 001/291] init helm repo
---
 .helmignore | 23 ++++++++++++++++
 Chart.yaml | 11 ++++++++
 templates/_helpers.tpl | 62 ++++++++++++++++++++++++++++++++++++++++++
 values.yaml | 0
 4 files changed, 96 insertions(+)
 create mode 100644 .helmignore
 create mode 100644 Chart.yaml
 create mode 100644 templates/_helpers.tpl
 create mode 100644 values.yaml
diff --git a/.helmignore b/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/Chart.yaml b/Chart.yaml
new file mode 100644
index 0000000..ec41021
--- /dev/null
+++ b/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+name: ipsec-vpn-server
+description: Deploy IPsec VPN server inside K8s with optional sealed-secrets
+
+type: application
+
+version: 0.1.0
+
+# hwdsl2/docker-ipsec-vpn-server does not provide versioning
+# see: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/98
+appVersion: "0.0.0"
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
new file mode 100644
index 0000000..ffc33fd
--- /dev/null
+++ b/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ipsec-vpn-server.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ipsec-vpn-server.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ipsec-vpn-server.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "ipsec-vpn-server.labels" -}}
+helm.sh/chart: {{ include "ipsec-vpn-server.chart" . }}
+{{ include "ipsec-vpn-server.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "ipsec-vpn-server.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ipsec-vpn-server.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "ipsec-vpn-server.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "ipsec-vpn-server.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/values.yaml b/values.yaml
new file mode 100644
index 0000000..e69de29
From 179dd8ba4aa1efb624ceaa2caa96109081739a09 Mon Sep 17 00:00:00 2001
From: Marco
Date: Fri, 18 Feb 2022 18:38:45 +0100
Subject: [PATCH 002/291] add basic values
---
 values.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/values.yaml b/values.yaml
index e69de29..3b0037f 100644
--- a/values.yaml
+++ b/values.yaml
@@ -0,0 +1,13 @@
+image:
+ repository: hwdsl2/ipsec-vpn-server
+ tag: latest
+
+sealed-secrets: false
+
+vpn:
+ dns_name: vpn.example.com
+ psk: your_presharedkey
+
+users:
+ - username: vpn
+ password: password
From 4f58bbd33bcbd92a44585d4f5fd73cb94fbc0c60 Mon Sep 17 00:00:00 2001
From: Marco
Date: Fri, 18 Feb 2022 19:59:33 +0100
Subject: [PATCH 003/291] add secret templating
---
 templates/secret-sealed.yaml | 13 +++++++++++++
 templates/secret.yaml | 12 ++++++++++++
 values.yaml | 7 ++++++-
 3 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 templates/secret-sealed.yaml
 create mode 100644 templates/secret.yaml
diff --git a/templates/secret-sealed.yaml b/templates/secret-sealed.yaml
new file mode 100644
index 0000000..a9bad48
--- /dev/null
+++ b/templates/secret-sealed.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.sealed_secrets }}
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ name: {{ include "ipsec-vpn-server.fullname" . }}-vpnconfig
+ namespace: {{ .Values.namespace }}
+spec:
+ encryptedData:
+ psk: {{ .Values.vpn.psk }}
+{{- range .Values.users }}
+ password_{{ .username }}: {{ .password }}
+{{- end }}
+{{- end }}
diff --git a/templates/secret.yaml b/templates/secret.yaml
new file mode 100644
index 0000000..8ffa728
--- /dev/null
+++ b/templates/secret.yaml
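Review bot: The defaults `psk: your_presharedkey` and `password: password` in values.yaml are usable credentials, so an install that forgets to override them comes up with a pre-shared key and login that anyone can read in the chart. Leaving them empty and letting the templates fail on a missing value, for example `psk: {{ required "vpn.psk must be set" .Values.vpn.psk | b64enc }}`, turns that mistake into a render error. The same defaults are repeated under `ipsec-vpn-server:` in the values.yaml added by PATCH 027. `tag: latest` also means the deployed image can change between installs; pinning by digest would fix that, since the Chart.yaml comment says the upstream image publishes no versions.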
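Review bot: `password_{{ .username }}` builds a Secret key from the username and no scalar in this template is quoted, so a username containing a space, a colon or anything else outside `[-._a-zA-Z0-9]` produces broken YAML or a key the API server rejects. templates/secret.yaml uses the same key pattern, and templates/deployment.yaml turns the username into the env var name `VPN_CONFIGBUILDER_PASSWORD_{{ .username }}`, which is more restrictive still. Quoting the values (`psk: {{ .Values.vpn.psk | quote }}`) and checking each username inside the `range` with `regexMatch` and `fail` would stop a bad value at render time. A comment above `namespace: {{ .Values.namespace }}` should say that it must equal the namespace the values were sealed for, as the README added later on this page explains for `kubeseal`.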
@@ -0,0 +1,12 @@
+{{- if not .Values.sealed_secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "ipsec-vpn-server.fullname" . }}-vpnconfig
+ namespace: {{ .Values.namespace }}
+data:
+ psk: {{ .Values.vpn.psk | b64enc }}
+{{- range .Values.users }}
+ password_{{ .username }}: {{ .password | b64enc }}
+{{- end }}
+{{- end }}
diff --git a/values.yaml b/values.yaml
index 3b0037f..3f7fcae 100644
--- a/values.yaml
+++ b/values.yaml
@@ -1,8 +1,13 @@ +# recommended to overwrite name when using sealed-secrets +fullnameOverride: vpn-server + +namespace: vpn + image: repository: hwdsl2/ipsec-vpn-server tag: latest -sealed-secrets: false +sealed_secrets: false vpn: dns_name: vpn.example.com
From b2e12f9b0372447e5c4aeb084f3e618bbf49d9e8 Mon Sep 17 00:00:00 2001
From: Marco
Date: Fri, 18 Feb 2022 20:03:19 +0100
Subject: [PATCH 004/291] add configmap - create-env.sh
---
 templates/configmap.yaml | 68 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)
 create mode 100644 templates/configmap.yaml
diff --git a/templates/configmap.yaml b/templates/configmap.yaml
new file mode 100644
index 0000000..d931481
--- /dev/null
+++ b/templates/configmap.yaml
@@ -0,0 +1,68 @@
+{{- if .Values.sealed_secrets }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "ipsec-vpn-server.fullname" . }}-vpnscript
+ namespace: {{ .Values.namespace }}
+data:
+ create-env.sh: |-
+ #!/usr/local/bin/bash
+
+ prefix=VPN_CONFIGBUILDER_PASSWORD_
+ is_first_user=true
+ is_second_user=false
+ is_first_password=true
+ is_second_password=false
+ env_file=/vpn/vpn.env
+
+ echo -n "" > ${env_file}
+
+ echo "VPN_DNS_NAME=\"${VPN_CONFIGBUILDER_DNSNAME}\"" >> ${env_file}
+ echo "VPN_IPSEC_PSK=\"${VPN_CONFIGBUILDER_PSK}\"" >> ${env_file}
+
+ # users
+ env | while IFS= read -r line; do
+ name=${line%%=*}
+
+ if [[ "${name}" =~ ^$prefix ]]; then
+ username=${name#"$prefix"}
+ if [ "${is_first_user}" = true ]; then
+ is_first_user=false
+ is_second_user=true
+ echo "VPN_USER=\"${username}\"" >> ${env_file}
+ echo -n "VPN_ADDL_USERS=\"" >> ${env_file}
+ else
+ if [ "${is_second_user}" = true ]; then
+ is_second_user=false
+ echo -n "${username}" >> ${env_file}
+ else
+ echo -n " ${username}" >> ${env_file}
+ fi
+ fi
+ fi
+ done
+ echo "\"" >> ${env_file}
+
+ # passwords
+ env | while IFS= read -r line; do
+ name=${line%%=*}
+ password=${line#*=}
+
+ if [[ "${name}" =~ ^$prefix ]]; then
+ if [ "${is_first_password}" = true ]; then
+ is_first_password=false
+ is_second_password=true
+ echo "VPN_PASSWORD=\"${password}\"" >> ${env_file}
+ echo -n "VPN_ADDL_PASSWORDS=\"" >> ${env_file}
+ else
+ if [ "${is_second_password}" = true ]; then
+ is_second_password=false
+ echo -n "${password}" >> ${env_file}
+ else
+ echo -n " ${password}" >> ${env_file}
+ fi
+ fi
+ fi
+ done
+ echo "\"" >> ${env_file}
+{{- end }}
From f2a32941b1b23c103341c1518f875484330fcc3c Mon Sep 17 00:00:00 2001
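Review bot: create-env.sh writes the PSK and every password into `/vpn/vpn.env` between double quotes without escaping, and it never restricts the mode of that file. If the server image reads the file as shell, which the mount at `/opt/src/env/` in templates/deployment.yaml suggests but this page does not show, a value containing `"`, `$` or a backtick would change what is evaluated inside the container, and a password containing a space would split the space-separated `VPN_ADDL_PASSWORDS` list. Adding `umask 077` before the first write and making both loops exit non-zero on such characters would be the minimal hardening. The two `echo "\"" >> ${env_file}` lines after the loops also run when no `VPN_CONFIGBUILDER_PASSWORD_*` variable exists, which leaves a lone quote in the file.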
From: Marco
Date: Fri, 18 Feb 2022 20:16:17 +0100
Subject: [PATCH 005/291] remove check if sealed-secret are used in configmap This will simplify the Deployment otherwise the ENVs have to be templated with Helm separatly. By using the script from the configmap + initContainer more ressources will be generated but the chart will stay not that complex
---
 templates/configmap.yaml | 2 --
 1 file changed, 2 deletions(-)
diff --git a/templates/configmap.yaml b/templates/configmap.yaml
index d931481..b383b46 100644
--- a/templates/configmap.yaml
+++ b/templates/configmap.yaml
@@ -1,4 +1,3 @@ -{{- if .Values.sealed_secrets }} apiVersion: v1 kind: ConfigMap metadata:
@@ -65,4 +64,3 @@ data: fi done echo "\"" >> ${env_file} -{{- end }}
From a7e9390d07397d8f5fa3463e7013760141bb11f6 Mon Sep 17 00:00:00 2001
From: Marco
Date: Fri, 18 Feb 2022 20:18:55 +0100
Subject: [PATCH 006/291] add Deployment template
---
 templates/deployment.yaml | 67 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 67 insertions(+)
 create mode 100644 templates/deployment.yaml
diff --git a/templates/deployment.yaml b/templates/deployment.yaml
new file mode 100644
index 0000000..7baeccb
--- /dev/null
+++ b/templates/deployment.yaml
@@ -0,0 +1,67 @@
+{{- $secretname := (printf "%s-vpnconfig" (include "ipsec-vpn-server.fullname" .)) -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "ipsec-vpn-server.fullname" . }}-vpn-server
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: vpn-server
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: vpn-server
+ spec:
+ initContainers:
+ - name: init-config
+ image: bash:alpine3.15
+ command: ["sh", "-c"]
+ args: ["/vpn/scripts/create-env.sh"]
+ env:
+ - name: VPN_CONFIGBUILDER_DNSNAME
+ value: {{ .Values.vpn.dns_name }}
+ - name: VPN_CONFIGBUILDER_PSK
+ valueFrom:
+ secretKeyRef:
+ name: {{ $secretname }}
+ key: psk
+{{- range .Values.users }}
+ - name: VPN_CONFIGBUILDER_PASSWORD_{{ .username }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ $secretname }}
+ key: password_{{ .username }}
+{{- end }}
+ volumeMounts:
+ - mountPath: /vpn
+ name: vpn-config
+ - mountPath: /vpn/scripts
+ name: vpn-script
+ readOnly: true
+ containers:
+ - name: vpn-server
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ resources:
+ limits:
+ memory: "128Mi"
+ cpu: "500m"
+ securityContext:
+ privileged: true
+ ports:
+ - name: vpn-isakmp
+ containerPort: 500
+ protocol: UDP
+ - name: vpn-ike
+ containerPort: 4500
+ protocol: UDP
+ volumeMounts:
+ - mountPath: /opt/src/env/
+ name: vpn-config
+
+ volumes:
+ - name: vpn-config
+ emptyDir: {}
+ - name: vpn-script
+ configMap:
+ name: {{ include "ipsec-vpn-server.fullname" . }}-vpnscript
+ defaultMode: 0777
From 934c01061fdde4642526dd3550e18e55794974e9 Mon Sep 17 00:00:00 2001
From: Marco
Date: Sat, 19 Feb 2022 02:09:35 +0100
Subject: [PATCH 007/291] add README
---
 README.md | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100644 README.md
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..68c2c23
--- /dev/null
+++ b/README.md
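Review bot: The init container leaves the PSK and all passwords in clear text in the `vpn-config` volume, which as `emptyDir: {}` is backed by node disk, and that volume is then mounted into a container running with `privileged: true`. `emptyDir: {medium: Memory}` keeps the file off disk, and `defaultMode: 0555` instead of `0777` is enough for a script that only has to be executed. Whether the image can run with a narrower set of capabilities than full privilege is worth a follow-up; the hunk gives no indication either way. Separately, the Deployment has no `metadata.namespace` while the Secret and ConfigMap it references are created in `{{ .Values.namespace }}`, so installing the release into any other namespace leaves the `secretKeyRef` entries unresolved.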
@@ -0,0 +1,60 @@
+# IPsec VPN Server Helm chart
+
+Kubernetes [Helm](https://helm.sh) chart image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2.
+This is based on the docker image [hwdsl2/docker-ipsec-vpn-server](https://github.com/hwdsl2/docker-ipsec-vpn-server).
+
+The main goal is to simplify the deployment of a VPN server for k8s.
+You will be able to configure VPN users directly as list in the [`values.yaml`](./values.yaml).
+
+## Configuration
+
+The configuration of the VPN server will be set in the [`values.yaml`](./values.yaml)-file.
+Please ensure to overwrite the configuration especially for `vpn.psk`, `vpn.dns_name` and `users[*].password`.
+
+It is possible to commit the password to your git repository if you have a separate sealed-secret instance.
+You find detailed documentation in the section [Using sealed-secrets](#Using-sealed-secrets).
+
+## Installation
+
+To deploy the Helm chart please check out this repository and copy the [`values.yaml`](./values.yaml)-file.
+After it was modified you can deploy the chart with the following command.
+
+```bash
+$ cp ./values.yaml ./my-values.yaml
+
+$ vi my-values.yaml ./my-values.yaml
+
+$ helm upgrade --install vpn ./ --values ./my-values.yaml
+```
+
+## Using sealed-secrets
+
+To ensure your passwords can be committed to the repository (GitOps) without security issues you can use the integrated [sealed-secrets](https://github.com/bitnami-labs/sealed-secrets) approach.
+Enable it by setting `sealed_secrets: true`.
+The `vpn.psk` and `users[*].password` then have to be entered encrypted.
+To encrypt a value you need to use the public key of sealed-secrets.
+The best approach is to use the [`kubeseal`](https://github.com/bitnami-labs/sealed-secrets/releases/latest) binary:
+
+```bash
+$ echo -n "${secret}" | \
+ kubeseal \
+ --raw \
+ --from-file=/dev/stdin \
+ --controller-name "sealed-secrets" \
+ --controller-namespace "sealed-secrets" \
+ --name "vpn-vpnconfig" \
+ --namespace "vpn" \
+```
+
+Ensure to use the correct _name_ and _namespace_ otherwise the [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) will not be created by sealed-secrets.
+As _name_ you have to specify the name of the generated secret.
+Typically this is your `fullnameOverride` with suffix `-vpnconfig`.
+Also specify the _namespace_ where the VPN server will be deployed to.
+
+**Example**
+
+```yaml
+users:
+ - username: vpn
+ password: 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
+```
From 1c572ef5413c4e3b15c2ed79ee2f286765d9f681 Mon Sep 17 00:00:00 2001
From: Marco
Date: Sat, 19 Feb 2022 02:25:21 +0100
Subject: [PATCH 008/291] add Service template
---
 templates/service.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 templates/service.yaml
diff --git a/templates/service.yaml b/templates/service.yaml
new file mode 100644
index 0000000..842e28f
--- /dev/null
+++ b/templates/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "ipsec-vpn-server.fullname" . }}-vpn-server
+spec:
+ selector:
+ app.kubernetes.io/name: {{ template "ipsec-vpn-server.fullname" . }}-vpn-server
+ ports:
+ - name: {{ .Values.ingress.traefik.ports.isakmp.name }}
+ port: {{ .Values.ingress.traefik.ports.isakmp.port }}
+ - name: {{ .Values.ingress.traefik.ports.ike.name }}
+ port: {{ .Values.ingress.traefik.ports.ike.port }}
From 06bb344d2da3d3eca27fc82d5f06e6cb5ea5e79f Mon Sep 17 00:00:00 2001
From: Marco
Date: Sat, 19 Feb 2022 02:26:34 +0100
Subject: [PATCH 009/291] add ingress to values
---
 values.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
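Review bot: The selector `app.kubernetes.io/name: {{ template "ipsec-vpn-server.fullname" . }}-vpn-server` in templates/service.yaml does not match the pod label set in templates/deployment.yaml, which is the fixed string `vpn-server`, so the Service ends up with no endpoints. Neither port entry sets `protocol`, which defaults to TCP, while the container ports are declared `protocol: UDP`; each entry needs `protocol: UDP`. The values read here, `.Values.ingress.traefik.ports.*`, are not present in values.yaml as of this commit, so rendering would fail until the following commit adds them.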
diff --git a/values.yaml b/values.yaml
index 3f7fcae..122c3a4 100644
--- a/values.yaml
+++ b/values.yaml
@@ -16,3 +16,15 @@ vpn: users: - username: vpn password: password + +ingress: + traefik: + enabled: false + + ports: + isakmp: + name: vpn-isakmp + port: 500 + ike: + name: vpn-ike + port: 4500
From 6e2a992fb046c9b133d163df2f1bd123aeb6cf72 Mon Sep 17 00:00:00 2001
From: Marco
Date: Sat, 19 Feb 2022 02:28:15 +0100
Subject: [PATCH 010/291] move ports dict in values using ports variables in deployment
---
 templates/deployment.yaml | 8 ++++----
 templates/service.yaml | 8 ++++----
 values.yaml | 16 ++++++++--------
 3 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/templates/deployment.yaml b/templates/deployment.yaml
index 7baeccb..ce9ceec 100644
--- a/templates/deployment.yaml
+++ b/templates/deployment.yaml
@@ -48,11 +48,11 @@ spec: securityContext: privileged: true ports: - - name: vpn-isakmp - containerPort: 500 + - name: {{ .Values.ingress.ports.isakmp.name }} + containerPort: {{ .Values.ingress.ports.isakmp.port }} protocol: UDP - - name: vpn-ike - containerPort: 4500 + - name: {{ .Values.ingress.ports.ike.name }} + containerPort: {{ .Values.ingress.ports.ike.port }} protocol: UDP volumeMounts: - mountPath: /opt/src/env/
diff --git a/templates/service.yaml b/templates/service.yaml
index 842e28f..c7e3deb 100644
--- a/templates/service.yaml
+++ b/templates/service.yaml
@@ -6,7 +6,7 @@ spec: selector: app.kubernetes.io/name: {{ template "ipsec-vpn-server.fullname" . }}-vpn-server ports: - - name: {{ .Values.ingress.traefik.ports.isakmp.name }} - port: {{ .Values.ingress.traefik.ports.isakmp.port }} - - name: {{ .Values.ingress.traefik.ports.ike.name }} - port: {{ .Values.ingress.traefik.ports.ike.port }} + - name: {{ .Values.ingress.ports.isakmp.name }} + port: {{ .Values.ingress.ports.isakmp.port }} + - name: {{ .Values.ingress.ports.ike.name }} + port: {{ .Values.ingress.ports.ike.port }}
diff --git a/values.yaml b/values.yaml
index 122c3a4..a172e01 100644
--- a/values.yaml
+++ b/values.yaml
@@ -18,13 +18,13 @@ users: password: password ingress: + ports: + isakmp: + name: vpn-isakmp + port: 500 + ike: + name: vpn-ike + port: 4500 + traefik: enabled: false - - ports: - isakmp: - name: vpn-isakmp - port: 500 - ike: - name: vpn-ike - port: 4500
From aa33a19c9d632474b5c5b284118d278b1150ebb9 Mon Sep 17 00:00:00 2001
From: Marco
Date: Sat, 19 Feb 2022 02:34:01 +0100
Subject: [PATCH 011/291] add IngressRouteUDPtemplate
---
 templates/ingress/traefik/ingressrouteudp.yaml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 templates/ingress/traefik/ingressrouteudp.yaml
diff --git a/templates/ingress/traefik/ingressrouteudp.yaml b/templates/ingress/traefik/ingressrouteudp.yaml
new file mode 100644
index 0000000..c4aa116
--- /dev/null
+++ b/templates/ingress/traefik/ingressrouteudp.yaml
@@ -0,0 +1,17 @@
+{{- $fullname_vpn_server := (printf "%s-vpn-server" (include "ipsec-vpn-server.fullname" .)) -}}
+{{- if .Values.ingress.traefik.enabled }}
+{{- range .Values.ingress.ports }}
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRouteUDP
+metadata:
+ name: {{ $fullname_vpn_server }}-{{ .name }}
+spec:
+ entryPoints:
+ - {{ .name }}
+ routes:
+ - services:
+ - name: {{ $fullname_vpn_server }}
+ port: {{ .name }}
+---
+{{- end }}
+{{- end }}
\ No newline at end of file
From 93f5c43f2ed14216dfd0f448b7050e878624f922 Mon Sep 17 00:00:00 2001
From: Marco
Date: Sat, 19 Feb 2022 17:11:00 +0100
Subject: [PATCH 012/291] add scripts for sealing secrets
---
 scripts/.gitignore | 1 +
 scripts/fetch-publickey.sh | 10 ++++++++++
 scripts/seal-secret.sh | 25 +++++++++++++++++++++++++
 3 files changed, 36 insertions(+)
 create mode 100644 scripts/.gitignore
 create mode 100755 scripts/fetch-publickey.sh
 create mode 100755 scripts/seal-secret.sh
diff --git a/scripts/.gitignore b/scripts/.gitignore
new file mode 100644
index 0000000..a6f3398
--- /dev/null
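Review bot: Each IngressRouteUDP in templates/ingress/traefik/ingressrouteudp.yaml lists `{{ .name }}` under `entryPoints`, so a route only works when Traefik's own configuration already defines UDP entry points called `vpn-isakmp` and `vpn-ike` (the default names in values.yaml), and nothing in the chart says so. A comment next to `ingress.traefik.enabled` such as `# requires Traefik UDP entryPoints named after ingress.ports.*.name` would make the dependency visible. The objects also carry no `metadata.namespace`, unlike the Secret and ConfigMap templates, which use `{{ .Values.namespace }}`.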
+++ b/scripts/.gitignore
@@ -0,0 +1 @@
+sealed-secrets.pem
diff --git a/scripts/fetch-publickey.sh b/scripts/fetch-publickey.sh
new file mode 100755
index 0000000..210d983
--- /dev/null
+++ b/scripts/fetch-publickey.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+controllername="sealed-secrets"
+controllernamespace="sealed-secrets"
+
+kubeseal \
+ --fetch-cert \
+ --controller-name $controllername \
+ --controller-namespace $controllernamespace \
+ > sealed-secrets.pem
diff --git a/scripts/seal-secret.sh b/scripts/seal-secret.sh
new file mode 100755
index 0000000..7467e2b
--- /dev/null
+++ b/scripts/seal-secret.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+secretname="vpn-vpnconfig"
+namespace="vpn"
+secret="passw0rd"
+
+# seal from downloaded certificate
+echo -n "${secret}" | \
+ kubeseal \
+ --raw \
+ --from-file=/dev/stdin \
+ --cert sealed-secrets.pem \
+ --namespace $namespace \
+ --name $secretname
+
+# seal with certificate from controller
+# controllername="sealed-secrets"
+# controllernamespace="sealed-secrets"
+# echo -n "${secret}" | \
+# kubeseal \
+# --raw \
+# --from-file=/dev/stdin \
+# --controller-name $controllername \
+# --controller-namespace $controllernamespace \
+# --name $secretname
From b2b13edabe6397e3d94baf0d852aff9b6ca54173 Mon Sep 17 00:00:00 2001
From: Marco
Date: Sat, 19 Feb 2022 17:12:46 +0100
Subject: [PATCH 013/291] use vpn as fullnameOverride
---
 values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/values.yaml b/values.yaml
index a172e01..1366938 100644
--- a/values.yaml
+++ b/values.yaml
@@ -1,5 +1,5 @@ # recommended to overwrite name when using sealed-secrets -fullnameOverride: vpn-server +fullnameOverride: vpn namespace: vpn
From 7444afff8b09943263a77d8bd9beb044542fab8c Mon Sep 17 00:00:00 2001
From: Marco
Date: Sat, 19 Feb 2022 17:25:29 +0100
Subject: [PATCH 014/291] add notes
---
 templates/NOTES.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 templates/NOTES.txt
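Review bot: scripts/fetch-publickey.sh redirects straight into `sealed-secrets.pem`, so when `kubeseal --fetch-cert` fails the shell has already truncated the file and an empty or partial certificate is left behind for seal-secret.sh to pick up. Starting the script with `set -euo pipefail`, writing to a temporary file and moving it into place only on success avoids that. Because every later secret is encrypted to this certificate, a comment telling the user to check which cluster context is active before fetching would also help.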
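Review bot: scripts/seal-secret.sh keeps the value to be sealed in the script itself (`secret="passw0rd"`), so using it means writing a real password into a tracked file, and scripts/.gitignore only excludes `sealed-secrets.pem`. Reading the value at run time, for example `read -r -s -p "Secret: " secret`, keeps it out of the working tree. `$namespace` and `$secretname` should be quoted, and the commented-out controller variant omits `--namespace`, which the active variant passes.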
diff --git a/templates/NOTES.txt b/templates/NOTES.txt
new file mode 100644
index 0000000..915adf0
--- /dev/null
+++ b/templates/NOTES.txt
@@ -0,0 +1,3 @@
+Your Kubernetes VPN server is ready to be used.
+
+Have a look at the pod logs to view your connection details.
From 8380b06d8b624fb9f99e2d5a6a385831f7126b4c Mon Sep 17 00:00:00 2001
From: Marco
Date: Sat, 19 Feb 2022 17:58:38 +0100
Subject: [PATCH 015/291] init helm repo
---
 .helmignore | 23 ++++++++++++++++
 Chart.yaml | 9 ++++++
 templates/_helpers.tpl | 62 ++++++++++++++++++++++++++++++++++++++++++
 values.yaml | 0
 4 files changed, 94 insertions(+)
 create mode 100644 .helmignore
 create mode 100644 Chart.yaml
 create mode 100644 templates/_helpers.tpl
 create mode 100644 values.yaml
diff --git a/.helmignore b/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/Chart.yaml b/Chart.yaml
new file mode 100644
index 0000000..968dc46
--- /dev/null
+++ b/Chart.yaml
@@ -0,0 +1,9 @@
+apiVersion: v2
+name: vpn-ios-profile
+description: Deploy a VPN server in K8s with provided iOS profile
+
+type: application
+
+version: 0.1.0
+
+appVersion: "latest"
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
new file mode 100644
index 0000000..a57015f
--- /dev/null
+++ b/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vpn-ios-profile.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "vpn-ios-profile.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vpn-ios-profile.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "vpn-ios-profile.labels" -}}
+helm.sh/chart: {{ include "vpn-ios-profile.chart" . }}
+{{ include "vpn-ios-profile.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "vpn-ios-profile.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "vpn-ios-profile.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vpn-ios-profile.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "vpn-ios-profile.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/values.yaml b/values.yaml
new file mode 100644
index 0000000..e69de29
From f6e5beb39bddd05a9ef4d07c751a10fd6b706d79 Mon Sep 17 00:00:00 2001
From: Marco
Date: Sat, 19 Feb 2022 18:00:54 +0100
Subject: [PATCH 016/291] version 1.0.0
---
 Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Chart.yaml b/Chart.yaml
index ec41021..9c64464 100644
--- a/Chart.yaml
+++ b/Chart.yaml
@@ -4,7 +4,7 @@ description: Deploy IPsec VPN server inside K8s with optional sealed-secrets type: application -version: 0.1.0 +version: 1.0.0 # hwdsl2/docker-ipsec-vpn-server does not provide versioning # see: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/98
From 5ae2c489bac829d93fd82e64c996f39ab8aa5d47 Mon Sep 17 00:00:00 2001
From: Marco
Date: Sat, 19 Feb 2022 20:03:13 +0100
Subject: [PATCH 017/291] add release, repo to gitignore
---
 .gitignore | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 .gitignore
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c16ef53
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+release/
+repo/
From e8b0b32c85aa2e61e2e0869a0747f898ef184f87 Mon Sep 17 00:00:00 2001
From: Marco
Date: Sat, 19 Feb 2022 20:05:36 +0100
Subject: [PATCH 018/291] add release workflow
---
 .github/workflows/release.yaml | 40 ++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 .github/workflows/release.yaml
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 0000000..d309947
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,40 @@
+name: Release
+on:
+ release:
+ types: [published]
+jobs:
+ build-and-deploy:
+ runs-on: ubuntu-latest
+ if: github.repository == 'taskmedia/helm_ipsec-vpn-server'
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+
+ - name: Install Helm
+ run: |
+ curl -L https://git.io/get_helm.sh | bash -s -- -v v3.7.1
+
+ - name: Create release binary
+ run: |
+ helm package ./ --destination release/
+
+ - name: Update Index
+ env:
+ PROJECT: github.com/taskmedia/helm_ipsec-vpn-server
+ REPO_URL: https://ipsec-vpn-server.helm.task.media
+ run: |
+ rm -rf ./gh-pages.zip
+ curl -sSLO https://${PROJECT}/archive/gh-pages.zip
+ unzip -oj ./gh-pages.zip -d ./repo/
+ cp ./release/*tgz ./repo/
+ cp ./README.md ./repo/index.md
+ helm repo index --merge ./repo/index.yaml --url ${REPO_URL} ./repo
+
+ - name: Deploy
+ uses: JamesIves/github-pages-deploy-action@v4.2.5
+ with:
+ branch: gh-pages
+ folder: repo
+ clean: false
From 728c423f78adaf71d3cf7b5939899873baad2dec Mon Sep 17 00:00:00 2001
From: Marco
Date: Sat, 19 Feb 2022 20:08:28 +0100
Subject: [PATCH 019/291] updated chart version add release workflow
---
 Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Chart.yaml b/Chart.yaml
index 9c64464..28434d7 100644
--- a/Chart.yaml
+++ b/Chart.yaml
@@ -4,7 +4,7 @@ description: Deploy IPsec VPN server inside K8s with optional sealed-secrets type: application -version: 1.0.0 +version: 1.0.1 # hwdsl2/docker-ipsec-vpn-server does not provide versioning # see: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/98
From f5645946ca4180063bf5df6d90cbb9e1cee77ec2 Mon Sep 17 00:00:00 2001
From: Marco
Date: Sat, 19 Feb 2022 20:50:38 +0100
Subject: [PATCH 020/291] update README to use helm repo
---
 Chart.yaml | 2 +-
 README.md | 8 +++++---
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/Chart.yaml b/Chart.yaml
index 28434d7..61a4a38 100644
--- a/Chart.yaml
+++ b/Chart.yaml
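Review bot: The `Install Helm` step pipes `https://git.io/get_helm.sh`, a shortener redirect, into bash with no checksum or pinned revision, in a job that goes on to publish the chart repository. Both actions are referenced by mutable tags (`actions/checkout@v2`, `JamesIves/github-pages-deploy-action@v4.2.5`) and the workflow declares no `permissions:`, so the token scope is whatever the repository default grants. Pinning the actions to full commit SHAs, installing Helm from a download verified against a published checksum, and adding a `permissions:` block limited to `contents: write` would narrow this. The `Update Index` step also unpacks `gh-pages.zip` with `unzip -oj`, which flattens paths and overwrites silently; checking out the `gh-pages` branch with the checkout action already in use would avoid the extra download.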
@@ -4,7 +4,7 @@ description: Deploy IPsec VPN server inside K8s with optional sealed-secrets type: application -version: 1.0.1 +version: 1.0.2 # hwdsl2/docker-ipsec-vpn-server does not provide versioning # see: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/98
diff --git a/README.md b/README.md
index 68c2c23..ac6fb31 100644
--- a/README.md
+++ b/README.md
@@ -20,11 +20,13 @@ To deploy the Helm chart please check out this repository and copy the [`values. After it was modified you can deploy the chart with the following command. ```bash -$ cp ./values.yaml ./my-values.yaml +$ helm repo add tm-ipsec-vpn https://ipsec-vpn-server.helm.task.media +$ helm repo update -$ vi my-values.yaml ./my-values.yaml +$ helm show values tm-ipsec-vpn/ipsec-vpn-server > ./my-values.yaml +$ vi ./my-values.yaml -$ helm upgrade --install vpn ./ --values ./my-values.yaml +$ helm upgrade --install vpn tm-ipsec-vpn/ipsec-vpn-server --values ./my-values.yaml ``` ## Using sealed-secrets
From 52db0c1fda47ec89295581edb0b1c431a4524135 Mon Sep 17 00:00:00 2001
From: Marco
Date: Sun, 20 Feb 2022 00:20:52 +0100
Subject: [PATCH 021/291] add artifacthub badge
---
 README.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/README.md b/README.md
index ac6fb31..389b62b 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,5 @@ +[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/ipsec-vpn-server)](https://artifacthub.io/packages/search?repo=ipsec-vpn-server) + # IPsec VPN Server Helm chart Kubernetes [Helm](https://helm.sh) chart image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2.
From 339a11ac80ba891f7c10e1b7e880838c4dce4309 Mon Sep 17 00:00:00 2001
From: Marco
Date: Sun, 20 Feb 2022 00:24:00 +0100
Subject: [PATCH 022/291] add ipsec-vpn-server dependency
---
 Chart.yaml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/Chart.yaml b/Chart.yaml
index 968dc46..e83b43e 100644
--- a/Chart.yaml
+++ b/Chart.yaml
@@ -7,3 +7,8 @@ type: application version: 0.1.0 appVersion: "latest" + +dependencies: + - name: ipsec-vpn-server + version: 1.0.2 + repository: "https://ipsec-vpn-server.helm.task.media/"
From 5f976d25a3b1c2dcc92c6c6f5529d5bbde008511 Mon Sep 17 00:00:00 2001
From: Marco
Date: Sun, 20 Feb 2022 00:28:56 +0100
Subject: [PATCH 023/291] add charts to gitignore
---
 .gitignore | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 .gitignore
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..6345435
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+### Helm ###
+# Chart dependencies
+**/charts/*.tgz
+
From 389147e13ee69dc12db878b2bdebd0059b7e6df1 Mon Sep 17 00:00:00 2001
From: Marco
Date: Sun, 20 Feb 2022 00:36:18 +0100
Subject: [PATCH 024/291] add chart description
---
 Chart.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/Chart.yaml b/Chart.yaml
index 61a4a38..fbcf1fe 100644
--- a/Chart.yaml
+++ b/Chart.yaml
@@ -1,6 +1,13 @@ apiVersion: v2 name: ipsec-vpn-server description: Deploy IPsec VPN server inside K8s with optional sealed-secrets +home: https://ipsec-vpn-server.helm.task.media +keywords: + - vpn + - ipsec + - traefik +sources: + - https://github.com/hwdsl2/docker-ipsec-vpn-server type: application
@@ -9,3 +16,5 @@ version: 1.0.2 # hwdsl2/docker-ipsec-vpn-server does not provide versioning # see: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/98 appVersion: "0.0.0" + +icon: https://media.task.media/images/logo.png
From 3eb51bdb27cc103c7aae18bdd28ee61104f9ae2c Mon Sep 17 00:00:00 2001
From: Marco
Date: Sun, 20 Feb 2022 00:36:34 +0100
Subject: [PATCH 025/291] set appVersion to latest
---
 Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Chart.yaml b/Chart.yaml
index fbcf1fe..2c87305 100644
--- a/Chart.yaml
+++ b/Chart.yaml
@@ -15,6 +15,6 @@ version: 1.0.2 # hwdsl2/docker-ipsec-vpn-server does not provide versioning # see: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/98 -appVersion: "0.0.0" +appVersion: "latest" icon: https://media.task.media/images/logo.png From 0c450743bd5dd4d888a8af5568d1891fc05b8b1d Mon Sep 17 00:00:00 2001 From: Marco Date: Sun, 20 Feb 2022 00:38:21 +0100 Subject: [PATCH 026/291] add Chart.lock to gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 6345435..a60bbdc 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ # Chart dependencies **/charts/*.tgz +Chart.lock From 92793fb51c013caa6069554034d7c57e6677c362 Mon Sep 17 00:00:00 2001 From: Marco Date: Sun, 20 Feb 2022 00:55:20 +0100 Subject: [PATCH 027/291] add values with subchart values --- values.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/values.yaml b/values.yaml index e69de29..782ba16 100644 --- a/values.yaml +++ b/values.yaml @@ -0,0 +1,17 @@ +fullnameOverride: &global-fullnameOverride vpn-ios-profile +namespace: &global-namespace vpn + +# values of dependency chart ipsec-vpn-server +ipsec-vpn-server: + # Overwrite VPN configuration of ipsec-vpn-server chart + # recommended to overwrite name when using sealed-secrets + fullnameOverride: *global-fullnameOverride + namespace: *global-namespace + + vpn: + dns_name: vpn.example.com + psk: your_presharedkey + + users: + - username: vpn + password: password From 27ae54a00253dd1b7596c10cbd9e16edb0c0a5ee Mon Sep 17 00:00:00 2001 From: Marco Date: Sun, 20 Feb 2022 17:35:02 +0100 Subject: [PATCH 028/291] add basic iosprofile structure VPN payload is not yet added --- templates/secret-ios-profile.yaml | 42 +++++++++++++++++++++++++++++++ values.yaml | 8 ++++++ 2 files changed, 50 insertions(+) create mode 100644 templates/secret-ios-profile.yaml 
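Review bot: `appVersion: "latest"` becomes the deployed image tag wherever the templates fall back to it. The deployment template shown later in this series uses `{{ .Values.image.tag | default .Chart.AppVersion }}` for a container that runs with `privileged: true`. A pod restart can therefore pull different upstream content without any chart change or review. Since the upstream image has no version tags (per the comment above the field), I would treat this value as informational and say so next to it, e.g. `# "latest" is a mutable tag; pin the image by digest in your values for reproducible deployments`.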
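Review bot: `psk: your_presharedkey` and `password: password` are working credentials, so an install that skips the override step comes up with a publicly known pre-shared key and login. None of the templates visible in this series rejects these defaults. I would ship `psk: ""` here and fail early in a template, e.g. `{{ required "ipsec-vpn-server.vpn.psk must be set" (index .Values "ipsec-vpn-server" "vpn" "psk") }}`, with the same treatment for the user passwords. The comment that recommends sealed-secrets could also state that a values file holding the real PSK should not be committed.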
diff --git a/templates/secret-ios-profile.yaml b/templates/secret-ios-profile.yaml new file mode 100644 index 0000000..63297ea --- /dev/null +++ b/templates/secret-ios-profile.yaml @@ -0,0 +1,42 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "vpn-ios-profile.fullname" . }}-ios-profile + namespace: {{ .Values.namespace }} +data: +{{- range (index .Values "ipsec-vpn-server" "users") }} + vpn-{{ .username }}.mobileconfig: |- + + + + + ConsentText + + default + {{ print ($.Values.iosprofile.ConsentText | replace "%username" .username | replace "%dns_name" (index $.Values "ipsec-vpn-server" "vpn" "dns_name")) }} + + HasRemovalPasscode + + PayloadContent + + + + PayloadDisplayName + {{ print ($.Values.iosprofile.PayloadDisplayName | replace "%username" .username | replace "%dns_name" (index $.Values "ipsec-vpn-server" "vpn" "dns_name")) }} + PayloadDescription + {{ print ($.Values.iosprofile.PayloadDescription | replace "%username" .username | replace "%dns_name" (index $.Values "ipsec-vpn-server" "vpn" "dns_name")) }} + PayloadIdentifier + {{ print ($.Values.iosprofile.PayloadIdentifier | replace "%username" .username | replace "%dns_name" (index $.Values "ipsec-vpn-server" "vpn" "dns_name")) }} + PayloadOrganization + {{ print ($.Values.iosprofile.PayloadOrganization | replace "%username" .username | replace "%dns_name" (index $.Values "ipsec-vpn-server" "vpn" "dns_name")) }} + PayloadRemovalDisallowed + + PayloadType + Configuration + PayloadUUID + {{ sha1sum (printf "%s-%s-%s" (index $.Values "ipsec-vpn-server" "vpn" "dns_name") .username "ios-profile") | upper }} + PayloadVersion + 1 + + +{{- end }} diff --git a/values.yaml b/values.yaml index 782ba16..ef3f6cd 100644 --- a/values.yaml +++ b/values.yaml 
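Review bot: `.username` is used unvalidated both in the Secret key `vpn-{{ .username }}.mobileconfig` and, together with the `iosprofile` strings, as raw text inside the `|-` block. Secret keys accept only alphanumerics, `-`, `_` and `.`, so a username such as an e-mail address makes the whole manifest invalid. A value containing `&`, `<` or a newline would presumably corrupt the generated profile (the plist markup is not visible in this rendering, so that part is inferred). I would reject unsupported usernames with `regexMatch` plus `fail`, and pipe each interpolated string through the `html` builtin. `namespace: {{ .Values.namespace }}` is better written as `namespace: {{ .Values.namespace | quote }}`.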
@@ -15,3 +15,11 @@ ipsec-vpn-server: users: - username: vpn password: password + +iosprofile: + # You can use the variables %username and %dns_name. + ConsentText: "iOS Profile %username@%dns_name" + PayloadDisplayName: "iOS Profile to %dns_name with user %username" + PayloadDescription: "This iOS Profile provides VPN connection to %dns_name with the user %username" + PayloadIdentifier: "%dns_name.%username.ios-profile" + PayloadOrganization: "%dns_name" From 3dd4294700d171303bf019c3b68ac479396a9cb4 Mon Sep 17 00:00:00 2001 From: Marco Date: Sun, 20 Feb 2022 19:20:28 +0100 Subject: [PATCH 029/291] use variable for dns_name --- templates/secret-ios-profile.yaml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/templates/secret-ios-profile.yaml b/templates/secret-ios-profile.yaml index 63297ea..bcdb126 100644 --- a/templates/secret-ios-profile.yaml +++ b/templates/secret-ios-profile.yaml @@ -1,3 +1,4 @@ +{{- $dns_name := (index $.Values "ipsec-vpn-server" "vpn" "dns_name") -}} apiVersion: v1 kind: Secret metadata: @@ -13,7 +14,7 @@ data: ConsentText default - {{ print ($.Values.iosprofile.ConsentText | replace "%username" .username | replace "%dns_name" (index $.Values "ipsec-vpn-server" "vpn" "dns_name")) }} + {{ print ($.Values.iosprofile.ConsentText | replace "%username" .username | replace "%dns_name" $dns_name) }} HasRemovalPasscode 
@@ -22,19 +23,19 @@ data: PayloadDisplayName - {{ print ($.Values.iosprofile.PayloadDisplayName | replace "%username" .username | replace "%dns_name" (index $.Values "ipsec-vpn-server" "vpn" "dns_name")) }} + {{ print ($.Values.iosprofile.PayloadDisplayName | replace "%username" .username | replace "%dns_name" $dns_name) }} PayloadDescription - {{ print ($.Values.iosprofile.PayloadDescription | replace "%username" .username | replace "%dns_name" (index $.Values "ipsec-vpn-server" "vpn" "dns_name")) }} + {{ print ($.Values.iosprofile.PayloadDescription | replace "%username" .username | replace "%dns_name" $dns_name) }} PayloadIdentifier - {{ print ($.Values.iosprofile.PayloadIdentifier | replace "%username" .username | replace "%dns_name" (index $.Values "ipsec-vpn-server" "vpn" "dns_name")) }} + {{ print ($.Values.iosprofile.PayloadIdentifier | replace "%username" .username | replace "%dns_name" $dns_name) }} PayloadOrganization - {{ print ($.Values.iosprofile.PayloadOrganization | replace "%username" .username | replace "%dns_name" (index $.Values "ipsec-vpn-server" "vpn" "dns_name")) }} + {{ print ($.Values.iosprofile.PayloadOrganization | replace "%username" .username | replace "%dns_name" $dns_name) }} PayloadRemovalDisallowed PayloadType Configuration PayloadUUID - {{ sha1sum (printf "%s-%s-%s" (index $.Values "ipsec-vpn-server" "vpn" "dns_name") .username "ios-profile") | upper }} + {{ sha1sum (printf "%s-%s-%s" $dns_name .username "ios-profile") | upper }} PayloadVersion 1 From e215f9db00387d0568ae3d2cdd157070bc4da713 Mon Sep 17 00:00:00 2001 From: Marco Date: Sun, 20 Feb 2022 19:42:31 +0100 Subject: [PATCH 030/291] add vpn.always template --- templates/secret-ios-profile.yaml | 2 +- templates/vpn.always.tpl | 77 +++++++++++++++++++++++++++++++ 2 files changed, 78 insertions(+), 1 deletion(-) create mode 100644 templates/vpn.always.tpl diff --git a/templates/secret-ios-profile.yaml b/templates/secret-ios-profile.yaml index bcdb126..151d06a 100644 
--- a/templates/secret-ios-profile.yaml +++ b/templates/secret-ios-profile.yaml @@ -20,7 +20,7 @@ data: PayloadContent - + {{- include "vpn.always" (dict "root" $ "user" . ) | nindent 8 }} PayloadDisplayName {{ print ($.Values.iosprofile.PayloadDisplayName | replace "%username" .username | replace "%dns_name" $dns_name) }} diff --git a/templates/vpn.always.tpl b/templates/vpn.always.tpl new file mode 100644 index 0000000..510bde8 --- /dev/null +++ b/templates/vpn.always.tpl @@ -0,0 +1,77 @@ +{{/* +VPN configuration to enable VPN always +All communication will go through VPN on iOS when selected. +VPN will always reconnect on this mode. +*/}} +{{- define "vpn.always" -}} +{{- $dns_name := (index .root.Values "ipsec-vpn-server" "vpn" "dns_name") -}} + + UserDefinedName + {{ $dns_name }} Always + + PayloadDisplayName + {{ $dns_name }} Always + + PayloadIdentifier + {{ $dns_name }}.{{ .user.username }}.always + + PayloadUUID + {{ sha1sum (printf "%s-%s-vpn-always" $dns_name .user.username) | upper }} + + VPNType + IPSec + + IPSec + + RemoteAddress + {{ $dns_name }} + + AuthenticationMethod + SharedSecret + + XAuthName + {{ .user.username }} + + XAuthPassword + {{ .user.password }} + + XAuthEnabled + 1 + + LocalIdentifierType + KeyID + + SharedSecret + + {{ (index .root.Values "ipsec-vpn-server" "vpn" "psk") | b64enc }} + + + + PayloadType + com.apple.vpn.managed + + PayloadVersion + 1 + + OnDemandEnabled + 1 + + OnDemandRules + + + Action + Connect + + + + OverridePrimary + + + IPv4 + + OverridePrimary + 1 + + + +{{- end }} From b70b8b70fe0e4d32119e9b0eee32ddc2b58ea8e4 Mon Sep 17 00:00:00 2001 From: Marco Date: Sun, 20 Feb 2022 20:05:19 +0100 Subject: [PATCH 031/291] add NOTES --- templates/NOTES.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 templates/NOTES.txt diff --git a/templates/NOTES.txt b/templates/NOTES.txt new file mode 100644 index 0000000..7764739 --- /dev/null +++ b/templates/NOTES.txt 
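Review bot: In `vpn.always`, `{{ .user.password }}`, `{{ .user.username }}` and `{{ $dns_name }}` are written into the profile as-is, while only the PSK goes through `b64enc`. Assuming these land in plist string elements (the markup is not visible in this rendering), a password containing `&` or `<` yields a profile that fails to parse or carries a different secret than configured; `{{ .user.password | html }}` avoids that. The header comment should also state that the rendered Secret contains every user's password and the shared PSK in recoverable form, so read access to it needs to be restricted with RBAC.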
@@ -0,0 +1,4 @@ +Your VPN server was created. +Please use the following command to get your iOS profile: + +$ kubectl get secrets vpn-ios-profile-ios-profile --template '{{ index .data "vpn-.mobileconfig" }}' | base64 -d From 95e56786e3013671359d130e9e95c5cca9ad5bca Mon Sep 17 00:00:00 2001 From: Marco Date: Sun, 20 Feb 2022 20:08:09 +0100 Subject: [PATCH 032/291] fix typo; update title --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 389b62b..b33d601 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/ipsec-vpn-server)](https://artifacthub.io/packages/search?repo=ipsec-vpn-server) -# IPsec VPN Server Helm chart +# Helm chart: IPsec VPN server -Kubernetes [Helm](https://helm.sh) chart image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2. +Kubernetes [Helm](https://helm.sh) chart to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2. This is based on the docker image [hwdsl2/docker-ipsec-vpn-server](https://github.com/hwdsl2/docker-ipsec-vpn-server). The main goal is to simplify the deployment of a VPN server for k8s. From 72dcb89cc6de63403bb0e07adf8cd94dbbb6a95e Mon Sep 17 00:00:00 2001 From: Marco Date: Sun, 20 Feb 2022 20:25:06 +0100 Subject: [PATCH 033/291] add README --- README.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..779bc49 --- /dev/null +++ b/README.md 
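Review bot: The printed command hard-codes the Secret name `vpn-ios-profile-ios-profile` and omits the namespace, while the Secret template derives both from `vpn-ios-profile.fullname` and `.Values.namespace`. With any other `fullnameOverride` or namespace the command points at the wrong object. I would render both, e.g. `kubectl get secrets -n {{ .Values.namespace }} {{ include "vpn-ios-profile.fullname" . }}-ios-profile ...`. Because the output contains the VPN password and PSK, the note could advise redirecting it to a file instead of printing it to the terminal.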
@@ -0,0 +1,22 @@ +# Helm chart: IPsec VPN server with iOS profile + +Kubernetes [Helm](https://helm.sh) chart to run a [IPsec VPN server](https://github.com/taskmedia/helm_ipsec-vpn-server) with provided iOS profile to directly connect your Apple device to use the VPN. + +The main goal is to simplify the usage of a VPN with iOS by creating a `.mobileconfig` file to be used to add a profile to your iPhone / iPad. + +The VPN will have three options how the connection should be managed: + +**1. Always**
+The VPN is always connected. +The connection will be keep alive until you select another VPN mode (e.g. manual). +When adding a VPN without a profile you do not have the option to automatically reconnect to the VPN. + +**2. WiFi**
+When connected to your WiFi (WLAN) you will not be connected to the VPN because it will be seen as trusted network. +You can specify a list of SSID (Networkname) which should be trusted. +(Warning: If network you connect shares the same SSID no VPN will be used even if it is not your own trusted network.) + +**3. Manual**
+If you do not want the VPN to be used automatically select this option. +This allows you to enable it whenever you need it. +You can enable the VPN connection in your iOS preferences. From 06971dfb6610bee265b3ff4dbdff79e5a06c8db1 Mon Sep 17 00:00:00 2001 From: Marco Date: Sun, 20 Feb 2022 20:45:25 +0100 Subject: [PATCH 034/291] add release workflow --- .github/workflows/release.yaml | 40 ++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 .github/workflows/release.yaml diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 0000000..f145006 --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,40 @@ +name: Release +on: + release: + types: [published] +jobs: + build-and-deploy: + runs-on: ubuntu-latest + if: github.repository == 'taskmedia/helm_vpn-ios-profile' + steps: + - name: Checkout + uses: actions/checkout@v2 + with: + fetch-depth: 0 + + - name: Install Helm + run: | + curl -L https://git.io/get_helm.sh | bash -s -- -v v3.7.1 + + - name: Create release binary + run: | + helm package ./ --destination release/ + + - name: Update Index + env: + PROJECT: github.com/taskmedia/helm_vpn-ios-profile + REPO_URL: https://vpn-ios-profile.helm.task.media + run: | + rm -rf ./gh-pages.zip + curl -sSLO https://${PROJECT}/archive/gh-pages.zip + unzip -oj ./gh-pages.zip -d ./repo/ + cp ./release/*tgz ./repo/ + cp ./README.md ./repo/index.md + helm repo index --merge ./repo/index.yaml --url ${REPO_URL} ./repo + + - name: Deploy + uses: JamesIves/github-pages-deploy-action@v4.2.5 + with: + branch: gh-pages + folder: repo + clean: false From e57395927eb4464647aec2d163ab9e50a5b4ed43 Mon Sep 17 00:00:00 2001 From: Marco Date: Sun, 20 Feb 2022 20:54:20 +0100 Subject: [PATCH 035/291] add dependency update to workflow --- .github/workflows/release.yaml | 4 ++++ Chart.yaml | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) 
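Review bot: The `Install Helm` step pipes a script fetched through the `git.io` shortener straight into `bash`, so whatever that redirect serves at release time runs in the job that publishes the chart repository. Download the versioned Helm archive and check it against a SHA-256 recorded in the workflow instead, as sketched below. `actions/checkout@v2` and `JamesIves/github-pages-deploy-action@v4.2.5` are referenced by movable tags. Pinning them as `uses: owner/action@<full-commit-sha>  # v4.2.5` matters more once the later hunks in this series pass `ssh-key: ${{ secrets.DEPLOY_KEY_BLOG }}` to the deploy step.

```yaml
      - name: Install Helm
        env:
          HELM_VERSION: v3.7.1
          # placeholder: record the published SHA-256 of the archive here
          HELM_SHA256: "<expected-sha256>"
        run: |
          curl -fsSLO "https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz"
          echo "${HELM_SHA256}  helm-${HELM_VERSION}-linux-amd64.tar.gz" | sha256sum -c -
          tar -xzf "helm-${HELM_VERSION}-linux-amd64.tar.gz"
          sudo mv linux-amd64/helm /usr/local/bin/helm

      # … unchanged: package, index and deploy steps …
```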
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index f145006..ddf63f6 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -16,6 +16,10 @@ jobs: run: | curl -L https://git.io/get_helm.sh | bash -s -- -v v3.7.1 + - name: Create release binary + run: | + helm dependency update + - name: Create release binary run: | helm package ./ --destination release/ diff --git a/Chart.yaml b/Chart.yaml index e83b43e..4607b28 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -4,7 +4,7 @@ description: Deploy a VPN server in K8s with provided iOS profile type: application -version: 0.1.0 +version: 0.1.1 appVersion: "latest" From 68d89d81ce3eac955a41396f46cc5c91797e77d9 Mon Sep 17 00:00:00 2001 From: Marco Date: Sun, 20 Feb 2022 21:03:09 +0100 Subject: [PATCH 036/291] add ArtifactHub badge --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 779bc49..99eec64 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,5 @@ +[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/vpn-ios-profile)](https://artifacthub.io/packages/search?repo=vpn-ios-profile) + # Helm chart: IPsec VPN server with iOS profile Kubernetes [Helm](https://helm.sh) chart to run a [IPsec VPN server](https://github.com/taskmedia/helm_ipsec-vpn-server) with provided iOS profile to directly connect your Apple device to use the VPN. From 59f9864898f89bf1e34f79dfa48e32caf6c60c24 Mon Sep 17 00:00:00 2001 From: Marco Date: Sun, 20 Feb 2022 21:09:10 +0100 Subject: [PATCH 037/291] update artifactHub url --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b33d601..9ac8501 100644 --- a/README.md +++ b/README.md 
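Review bot: The added step is named `Create release binary`, the same as the packaging step that follows it, although it runs `helm dependency update`; in the job log the two are indistinguishable. I would rename it to `- name: Update chart dependencies`. Because `Chart.lock` is git-ignored earlier in this series, this step resolves the subchart afresh on every release. Committing the lock file and running `helm dependency build` would make the packaged dependency reproducible.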
@@ -1,4 +1,4 @@ -[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/ipsec-vpn-server)](https://artifacthub.io/packages/search?repo=ipsec-vpn-server) +[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/ipsec-vpn-server)](https://artifacthub.io/packages/helm/ipsec-vpn-server/ipsec-vpn-server) # Helm chart: IPsec VPN server From e6aa7fb7787a96bdc865f82b82ecaa3a0a29d6d0 Mon Sep 17 00:00:00 2001 From: Marco Date: Sun, 20 Feb 2022 21:21:05 +0100 Subject: [PATCH 038/291] update chart description --- Chart.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Chart.yaml b/Chart.yaml index 4607b28..cf7d1cb 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,6 +1,12 @@ apiVersion: v2 name: vpn-ios-profile description: Deploy a VPN server in K8s with provided iOS profile +home: https://vpn-ios-profile.helm.task.media/ +keywords: + - vpn + - ipsec + - ios + - mobileconfig type: application @@ -12,3 +18,5 @@ dependencies: - name: ipsec-vpn-server version: 1.0.2 repository: "https://ipsec-vpn-server.helm.task.media/" + +icon: https://media.task.media/images/logo.png From 5232681b7e6101963645c1fb86c8568800ad2608 Mon Sep 17 00:00:00 2001 From: Marco Date: Sun, 20 Feb 2022 21:39:39 +0100 Subject: [PATCH 039/291] use stringData in secret This allows to use a not base64 encoded data input --- templates/secret-ios-profile.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/secret-ios-profile.yaml b/templates/secret-ios-profile.yaml index 151d06a..af4be85 100644 --- a/templates/secret-ios-profile.yaml +++ b/templates/secret-ios-profile.yaml @@ -4,7 +4,7 @@ kind: Secret metadata: name: {{ include "vpn-ios-profile.fullname" . }}-ios-profile namespace: {{ .Values.namespace }} -data: +stringData: {{- range (index .Values "ipsec-vpn-server" "users") }} vpn-{{ .username }}.mobileconfig: |- From 911fc8c8ebeef03e2ca55f17094bd2ce3d07a1c9 Mon Sep 17 00:00:00 2001 
From: Marco Date: Sun, 20 Feb 2022 22:03:10 +0100 Subject: [PATCH 040/291] update artifactHub url --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 99eec64..c2029f4 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/vpn-ios-profile)](https://artifacthub.io/packages/search?repo=vpn-ios-profile) +[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/vpn-ios-profile)](https://artifacthub.io/packages/helm/vpn-ios-profile/vpn-ios-profile) # Helm chart: IPsec VPN server with iOS profile From ef138c23805ff96c5702bcc903ea33a5008734a4 Mon Sep 17 00:00:00 2001 From: Marco Date: Tue, 22 Feb 2022 19:46:24 +0100 Subject: [PATCH 041/291] move helm chart repo to taskmedia/helm --- .github/workflows/release.yaml | 4 +++- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index d309947..3ff6b0d 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -23,7 +23,7 @@ jobs: - name: Update Index env: PROJECT: github.com/taskmedia/helm_ipsec-vpn-server - REPO_URL: https://ipsec-vpn-server.helm.task.media + REPO_URL: https://helm.task.media/ipsec-vpn-server run: | rm -rf ./gh-pages.zip curl -sSLO https://${PROJECT}/archive/gh-pages.zip @@ -35,6 +35,8 @@ jobs: - name: Deploy uses: JamesIves/github-pages-deploy-action@v4.2.5 with: + repository-name: taskmedia/helm branch: gh-pages + ssh-key: ${{ secrets.DEPLOY_KEY_BLOG }} folder: repo clean: false diff --git a/Chart.yaml b/Chart.yaml index 2c87305..555c619 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -1,7 +1,7 @@ apiVersion: v2 name: ipsec-vpn-server description: Deploy IPsec VPN server inside K8s with optional sealed-secrets -home: https://ipsec-vpn-server.helm.task.media +home: https://helm.task.media/ipsec-vpn-server keywords: - vpn - ipsec From 0b844c37d5ae53b80fa45e1f9f9fb826b66d7168 Mon Sep 17 00:00:00 2001 From: Marco Date: Tue, 22 Feb 2022 20:18:14 +0100 Subject: [PATCH 042/291] update version v1.1.0 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 555c619..fb0df37 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -11,7 +11,7 @@ sources: type: application -version: 1.0.2 +version: 1.1.0 # hwdsl2/docker-ipsec-vpn-server does not provide versioning # see: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/98 From e3fede3efab6f47e1d17319e0e4a13722f587773 Mon Sep 17 00:00:00 2001 From: Marco Date: Tue, 22 Feb 2022 20:52:39 +0100 Subject: [PATCH 043/291] move helm chart repo to taskmedia/helm --- .github/workflows/release.yaml | 4 +++- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index ddf63f6..78eabba 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -27,7 +27,7 @@ jobs: - name: Update Index env: PROJECT: github.com/taskmedia/helm_vpn-ios-profile - REPO_URL: https://vpn-ios-profile.helm.task.media + REPO_URL: https://helm.task.media/vpn-ios-profile run: | rm -rf ./gh-pages.zip curl -sSLO https://${PROJECT}/archive/gh-pages.zip @@ -39,6 +39,8 @@ jobs: - name: Deploy uses: JamesIves/github-pages-deploy-action@v4.2.5 with: + repository-name: taskmedia/helm branch: gh-pages + ssh-key: ${{ secrets.DEPLOY_KEY_BLOG }} folder: repo clean: false diff --git a/Chart.yaml b/Chart.yaml index cf7d1cb..76a17f9 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -1,7 +1,7 @@ apiVersion: v2 name: vpn-ios-profile description: Deploy a VPN server in K8s with provided iOS profile -home: https://vpn-ios-profile.helm.task.media/ +home: https://helm.task.media/vpn-ios-profile/ keywords: - vpn - ipsec From b0417b3eb58c31fba90af8bb97bfb9dec4822d96 Mon Sep 17 00:00:00 2001 From: Marco Date: Tue, 22 Feb 2022 20:53:09 +0100 Subject: [PATCH 044/291] update version v0.2.0 update dependency to ipsec-vpn-server to version v1.1.0 --- Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 76a17f9..09a33b8 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -10,13 +10,13 @@ keywords: type: application -version: 0.1.1 +version: 0.2.0 appVersion: "latest" dependencies: - name: ipsec-vpn-server - version: 1.0.2 - repository: "https://ipsec-vpn-server.helm.task.media/" + version: 1.1.0 + repository: "https://helm.task.media/" icon: https://media.task.media/images/logo.png From f855ab308da33070d8ba2f16328b6dd85abcfa1d Mon Sep 17 00:00:00 2001 From: Marco Date: Tue, 22 Feb 2022 23:18:09 +0100 Subject: [PATCH 045/291] fix deploy paths --- .github/workflows/release.yaml | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 3ff6b0d..727d796 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
@@ -22,15 +22,19 @@ jobs: - name: Update Index env: - PROJECT: github.com/taskmedia/helm_ipsec-vpn-server - REPO_URL: https://helm.task.media/ipsec-vpn-server + GH_PAGES_URL: github.com/taskmedia/helm + REPO_NAME: ipsec-vpn-server + HELM_URL: https://helm.task.media/ run: | rm -rf ./gh-pages.zip - curl -sSLO https://${PROJECT}/archive/gh-pages.zip - unzip -oj ./gh-pages.zip -d ./repo/ - cp ./release/*tgz ./repo/ - cp ./README.md ./repo/index.md - helm repo index --merge ./repo/index.yaml --url ${REPO_URL} ./repo + rm -rf ./repo + curl -sSLO https://${GH_PAGES_URL}/archive/gh-pages.zip + unzip -o ./gh-pages.zip -d ./repo/ + mv -f ./repo/helm-gh-pages/* ./repo + rm -rf ./repo/helm-gh-pages/ + cp ./release/*tgz ./repo/${REPO_NAME}/ + cp ./README.md ./repo/${REPO_NAME}/index.md + helm repo index --merge ./repo/index.yaml --url ${HELM_URL}/${REPO_NAME} ./repo - name: Deploy uses: JamesIves/github-pages-deploy-action@v4.2.5 From 0c6ba2eeb817cf756c06fe474ebfca5c64a8ad60 Mon Sep 17 00:00:00 2001 From: Marco Date: Tue, 22 Feb 2022 23:20:46 +0100 Subject: [PATCH 046/291] fix deploy paths --- .github/workflows/release.yaml | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 78eabba..c90f9d0 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
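Review bot: `cp ./release/*tgz ./repo/${REPO_NAME}/` assumes the chart directory already exists in the downloaded `gh-pages` tree. On a chart's first release into the shared repository it presumably does not, and the step then fails. Adding `mkdir -p "./repo/${REPO_NAME}"` before the copy, and quoting the `${...}` expansions in this block, covers that. The same block is repeated in the vpn-ios-profile workflow hunk of the next commit.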
@@ -26,15 +26,19 @@ jobs: - name: Update Index env: - PROJECT: github.com/taskmedia/helm_vpn-ios-profile - REPO_URL: https://helm.task.media/vpn-ios-profile + GH_PAGES_URL: github.com/taskmedia/helm + REPO_NAME: vpn-ios-profile + HELM_URL: https://helm.task.media/ run: | rm -rf ./gh-pages.zip - curl -sSLO https://${PROJECT}/archive/gh-pages.zip - unzip -oj ./gh-pages.zip -d ./repo/ - cp ./release/*tgz ./repo/ - cp ./README.md ./repo/index.md - helm repo index --merge ./repo/index.yaml --url ${REPO_URL} ./repo + rm -rf ./repo + curl -sSLO https://${GH_PAGES_URL}/archive/gh-pages.zip + unzip -o ./gh-pages.zip -d ./repo/ + mv -f ./repo/helm-gh-pages/* ./repo + rm -rf ./repo/helm-gh-pages/ + cp ./release/*tgz ./repo/${REPO_NAME}/ + cp ./README.md ./repo/${REPO_NAME}/index.md + helm repo index --merge ./repo/index.yaml --url ${HELM_URL}/${REPO_NAME} ./repo - name: Deploy uses: JamesIves/github-pages-deploy-action@v4.2.5 From 9f3af5230b38bdc4ec1ae925c367fa20ff1739f8 Mon Sep 17 00:00:00 2001 From: Marco Date: Tue, 22 Feb 2022 23:28:50 +0100 Subject: [PATCH 047/291] fix repo index url --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 727d796..128b655 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -34,7 +34,7 @@ jobs: rm -rf ./repo/helm-gh-pages/ cp ./release/*tgz ./repo/${REPO_NAME}/ cp ./README.md ./repo/${REPO_NAME}/index.md - helm repo index --merge ./repo/index.yaml --url ${HELM_URL}/${REPO_NAME} ./repo + helm repo index --merge ./repo/index.yaml --url ${HELM_URL} ./repo - name: Deploy uses: JamesIves/github-pages-deploy-action@v4.2.5 From 1f7fbeccfc1558f4e7c1604df4b85f5356662db1 Mon Sep 17 00:00:00 2001 From: Marco Date: Tue, 22 Feb 2022 23:30:29 +0100 Subject: [PATCH 048/291] fix repo index url --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index c90f9d0..53d5829 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -38,7 +38,7 @@ jobs: rm -rf ./repo/helm-gh-pages/ cp ./release/*tgz ./repo/${REPO_NAME}/ cp ./README.md ./repo/${REPO_NAME}/index.md - helm repo index --merge ./repo/index.yaml --url ${HELM_URL}/${REPO_NAME} ./repo + helm repo index --merge ./repo/index.yaml --url ${HELM_URL} ./repo - name: Deploy uses: JamesIves/github-pages-deploy-action@v4.2.5 From aa6c9316c7226903f8e0cd77404edcc35743469c Mon Sep 17 00:00:00 2001 From: Marco Date: Wed, 23 Feb 2022 18:47:06 +0100 Subject: [PATCH 049/291] udate repo url; update artifacthub badge --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 9ac8501..b21cae4 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/ipsec-vpn-server)](https://artifacthub.io/packages/helm/ipsec-vpn-server/ipsec-vpn-server) +[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/taskmedia)](https://artifacthub.io/packages/helm/taskmedia/ipsec-vpn-server) # Helm chart: IPsec VPN server @@ -22,13 +22,13 @@ To deploy the Helm chart please check out this repository and copy the [`values. After it was modified you can deploy the chart with the following command. ```bash -$ helm repo add tm-ipsec-vpn https://ipsec-vpn-server.helm.task.media +$ helm repo add taskmedia https://helm.task.media $ helm repo update -$ helm show values tm-ipsec-vpn/ipsec-vpn-server > ./my-values.yaml +$ helm show values taskmedia/ipsec-vpn-server > ./my-values.yaml $ vi ./my-values.yaml -$ helm upgrade --install vpn tm-ipsec-vpn/ipsec-vpn-server --values ./my-values.yaml +$ helm upgrade --install vpn taskmedia/ipsec-vpn-server --values ./my-values.yaml ``` ## Using sealed-secrets 
From 4630a5f47291a326a8c41d01d238f054cbef720e Mon Sep 17 00:00:00 2001 From: Marco Date: Wed, 23 Feb 2022 18:48:01 +0100 Subject: [PATCH 050/291] update artifacthub badge --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c2029f4..ae66ae7 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/vpn-ios-profile)](https://artifacthub.io/packages/helm/vpn-ios-profile/vpn-ios-profile) +[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/taskmedia)](https://artifacthub.io/packages/helm/taskmedia/vpn-ios-profile) # Helm chart: IPsec VPN server with iOS profile From dced9f167e4e95d433850062bf60d81b5369d137 Mon Sep 17 00:00:00 2001 From: Marco Date: Wed, 23 Feb 2022 19:27:21 +0100 Subject: [PATCH 051/291] update readme installation description --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b21cae4..978b5c7 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ You find detailed documentation in the section [Using sealed-secrets](#Using-sea ## Installation -To deploy the Helm chart please check out this repository and copy the [`values.yaml`](./values.yaml)-file. +To deploy the Helm chart first copy the [`values.yaml`](./values.yaml)-file and customize your deployment. After it was modified you can deploy the chart with the following command. ```bash From 851d073ce97fbb9021c9ffaebc461f819da7c45a Mon Sep 17 00:00:00 2001 From: Marco Date: Wed, 23 Feb 2022 19:28:04 +0100 Subject: [PATCH 052/291] add installation description to readme --- README.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/README.md b/README.md index ae66ae7..e630a3d 100644 --- a/README.md +++ b/README.md 
@@ -22,3 +22,18 @@ You can specify a list of SSID (Networkname) which should be trusted. If you do not want the VPN to be used automatically select this option. This allows you to enable it whenever you need it. You can enable the VPN connection in your iOS preferences. + +## Installation + +To deploy the Helm chart first copy the [`values.yaml`](./values.yaml)-file and customize your deployment. +After it was modified you can deploy the chart with the following command. + +```bash +$ helm repo add taskmedia https://helm.task.media +$ helm repo update + +$ helm show values taskmedia/vpn-ios-profile > ./my-values.yaml +$ vi ./my-values.yaml + +$ helm upgrade --install vpn taskmedia/vpn-ios-profile --values ./my-values.yaml +``` From b34689feed4b0812e4eb97c988686ab938db010b Mon Sep 17 00:00:00 2001 From: Marco Date: Wed, 23 Feb 2022 22:50:23 +0100 Subject: [PATCH 053/291] fix deployment labels --- templates/deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/deployment.yaml b/templates/deployment.yaml index ce9ceec..713f76d 100644 --- a/templates/deployment.yaml +++ b/templates/deployment.yaml @@ -6,11 +6,11 @@ metadata: spec: selector: matchLabels: - app.kubernetes.io/name: vpn-server + app.kubernetes.io/name: {{ template "ipsec-vpn-server.fullname" . }}-vpn-server template: metadata: labels: - app.kubernetes.io/name: vpn-server + app.kubernetes.io/name: {{ template "ipsec-vpn-server.fullname" . }}-vpn-server spec: initContainers: - name: init-config From bf529ee72f643f6f9e6a862c40aee384cc1e509a Mon Sep 17 00:00:00 2001 From: Marco Date: Wed, 23 Feb 2022 22:56:35 +0100 Subject: [PATCH 054/291] removing resource limits --- templates/deployment.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/templates/deployment.yaml b/templates/deployment.yaml index 713f76d..3af1a9a 100644 --- a/templates/deployment.yaml +++ b/templates/deployment.yaml 
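Review bot: The new label value appends `-vpn-server` to `ipsec-vpn-server.fullname`, which the helper already truncates to 63 characters. A long release name or `fullnameOverride` therefore pushes the value past the 63-character limit for labels and the manifest is rejected. Truncate after adding the suffix, e.g. `{{ printf "%s-vpn-server" (include "ipsec-vpn-server.fullname" .) | trunc 63 | trimSuffix "-" }}`, in both places. If this is an `apps/v1` Deployment (the kind is outside the hunk), `spec.selector` is immutable, so `helm upgrade` from a release created with the old `vpn-server` label fails until the Deployment is recreated; that deserves an upgrade note.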
@@ -41,10 +41,6 @@ spec: containers: - name: vpn-server image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - resources: - limits: - memory: "128Mi" - cpu: "500m" securityContext: privileged: true ports: From ac34c68139b2bcf2cbd6bf692b712ff134a1f59c Mon Sep 17 00:00:00 2001 From: Marco Date: Wed, 23 Feb 2022 22:57:23 +0100 Subject: [PATCH 055/291] increase version to v1.1.1 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index fb0df37..a128b73 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -11,7 +11,7 @@ sources: type: application -version: 1.1.0 +version: 1.1.1 # hwdsl2/docker-ipsec-vpn-server does not provide versioning # see: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/98 From b2b09cbce5f59db6b6bdb524cac439413f21b1f4 Mon Sep 17 00:00:00 2001 From: Marco Date: Wed, 23 Feb 2022 23:02:37 +0100 Subject: [PATCH 056/291] update to ipsec-vpn-server; v0.2.1 --- Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 09a33b8..0f91b18 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -10,13 +10,13 @@ keywords: type: application -version: 0.2.0 +version: 0.2.1 appVersion: "latest" dependencies: - name: ipsec-vpn-server - version: 1.1.0 + version: 1.1.1 repository: "https://helm.task.media/" icon: https://media.task.media/images/logo.png From 8081caf7c8297e286f9bacbd5ed35d51c1d39358 Mon Sep 17 00:00:00 2001 From: Marco Date: Wed, 23 Feb 2022 23:24:10 +0100 Subject: [PATCH 057/291] escape notes command go templating has to be escaped for template value increase to v0.2.2 --- Chart.yaml | 2 +- templates/NOTES.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 0f91b18..dffd350 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -10,7 +10,7 @@ keywords: type: application -version: 0.2.1 +version: 0.2.2 appVersion: "latest" 
diff --git a/templates/NOTES.txt b/templates/NOTES.txt index 7764739..f6b8a61 100644 --- a/templates/NOTES.txt +++ b/templates/NOTES.txt @@ -1,4 +1,4 @@ Your VPN server was created. Please use the following command to get your iOS profile: -$ kubectl get secrets vpn-ios-profile-ios-profile --template '{{ index .data "vpn-.mobileconfig" }}' | base64 -d +$ kubectl get secrets vpn-ios-profile-ios-profile --template '{{`{{ index .data "vpn-.mobileconfig" }}`}}' | base64 -d From 9cf8573680a076cdd9cf62745adf18f7d3a26426 Mon Sep 17 00:00:00 2001 From: Marco Date: Fri, 25 Feb 2022 23:40:55 +0100 Subject: [PATCH 058/291] add vpn profiles for manual and wifi --- templates/secret-ios-profile.yaml | 2 + templates/vpn.always.tpl | 4 +- templates/vpn.manual.tpl | 65 ++++++++++++++++++++ templates/vpn.wifi.tpl | 99 +++++++++++++++++++++++++++++++ values.yaml | 4 ++ 5 files changed, 172 insertions(+), 2 deletions(-) create mode 100644 templates/vpn.manual.tpl create mode 100644 templates/vpn.wifi.tpl diff --git a/templates/secret-ios-profile.yaml b/templates/secret-ios-profile.yaml index af4be85..407c6e1 100644 --- a/templates/secret-ios-profile.yaml +++ b/templates/secret-ios-profile.yaml @@ -21,6 +21,8 @@ stringData: PayloadContent {{- include "vpn.always" (dict "root" $ "user" . ) | nindent 8 }} + {{- include "vpn.manual" (dict "root" $ "user" . ) | nindent 8 }} + {{- include "vpn.wifi" (dict "root" $ "user" . ) | nindent 8 }} PayloadDisplayName {{ print ($.Values.iosprofile.PayloadDisplayName | replace "%username" .username | replace "%dns_name" $dns_name) }} diff --git a/templates/vpn.always.tpl b/templates/vpn.always.tpl index 510bde8..e6755b0 100644 --- a/templates/vpn.always.tpl +++ b/templates/vpn.always.tpl 
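Review bot: The command in NOTES.txt hard-codes the secret name `vpn-ios-profile-ios-profile`, while the Secret is named `{{ include "vpn-ios-profile.fullname" . }}-ios-profile` in secret-ios-profile.yaml, so the instruction only works while `fullnameOverride` keeps its default. Render the name and namespace instead: `kubectl get secrets {{ include "vpn-ios-profile.fullname" . }}-ios-profile --namespace {{ .Release.Namespace }}`. The key `vpn-.mobileconfig` also looks incomplete against the per-user keys `vpn-{{ .username }}.mobileconfig` that the Secret defines, though a placeholder may have been lost in this rendering of the page. The decoded profile carries the XAuth password and the pre-shared key, so the note could direct the output to a file (`> vpn.mobileconfig`) rather than the terminal.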
@@ -7,10 +7,10 @@ VPN will always reconnect on this mode. {{- $dns_name := (index .root.Values "ipsec-vpn-server" "vpn" "dns_name") -}} UserDefinedName - {{ $dns_name }} Always + {{ $dns_name }} always PayloadDisplayName - {{ $dns_name }} Always + {{ $dns_name }} always PayloadIdentifier {{ $dns_name }}.{{ .user.username }}.always diff --git a/templates/vpn.manual.tpl b/templates/vpn.manual.tpl new file mode 100644 index 0000000..d2024ae --- /dev/null +++ b/templates/vpn.manual.tpl @@ -0,0 +1,65 @@ +{{/* +VPN configuration to enable VPN manual +Connection can be disabled by this setting and enabled for a period of time if necessary. +*/}} +{{- define "vpn.manual" -}} +{{- $dns_name := (index .root.Values "ipsec-vpn-server" "vpn" "dns_name") -}} + + UserDefinedName + {{ $dns_name }} manual + + PayloadDisplayName + {{ $dns_name }} manual + + PayloadIdentifier + {{ $dns_name }}.{{ .user.username }}.manual + + PayloadUUID + {{ sha1sum (printf "%s-%s-vpn-manual" $dns_name .user.username) | upper }} + + VPNType + IPSec + + IPSec + + RemoteAddress + {{ $dns_name }} + + AuthenticationMethod + SharedSecret + + XAuthName + {{ .user.username }} + + XAuthPassword + {{ .user.password }} + + XAuthEnabled + 1 + + LocalIdentifierType + KeyID + + SharedSecret + + {{ (index .root.Values "ipsec-vpn-server" "vpn" "psk") | b64enc }} + + + + PayloadType + com.apple.vpn.managed + + PayloadVersion + 1 + + OverridePrimary + + + IPv4 + + OverridePrimary + 1 + + + +{{- end }} diff --git a/templates/vpn.wifi.tpl b/templates/vpn.wifi.tpl new file mode 100644 index 0000000..1361f94 --- /dev/null +++ b/templates/vpn.wifi.tpl 
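Review bot: `{{ .user.username }}`, `{{ .user.password }}` and `{{ $dns_name }}` are written into the profile body of `vpn.manual` without any escaping, and the same lines are repeated in `vpn.wifi`, which this commit also adds. The payload appears to be an Apple configuration-profile plist (the markup itself is not visible in this rendering, so that is inferred). In that format a value containing `&` or `<` would give an invalid or structurally different profile. Pipe user-supplied values through the template engine's built-in escaper, for example `{{ .user.password | html }}`, or reject such characters when validating values. `PayloadUUID` is rendered as an upper-cased SHA-1 hex digest rather than a UUID-formatted string, which is worth confirming against the profile format the devices expect.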
@@ -0,0 +1,99 @@ +{{/* +VPN configuration to enable VPN always when not connected to known network +All communication will go through VPN on iOS when selected and not in list of known networks. +VPN will always reconnect on this mode. +*/}} +{{- define "vpn.wifi" -}} +{{- $dns_name := (index .root.Values "ipsec-vpn-server" "vpn" "dns_name") -}} + + UserDefinedName + {{ $dns_name }} Wi-Fi + + PayloadDisplayName + {{ $dns_name }} Wi-Fi + + PayloadIdentifier + {{ $dns_name }}.{{ .user.username }}.wifi + + PayloadUUID + {{ sha1sum (printf "%s-%s-vpn-wifi" $dns_name .user.username) | upper }} + + VPNType + IPSec + + IPSec + + RemoteAddress + {{ $dns_name }} + + AuthenticationMethod + SharedSecret + + XAuthName + {{ .user.username }} + + XAuthPassword + {{ .user.password }} + + XAuthEnabled + 1 + + LocalIdentifierType + KeyID + + SharedSecret + + {{ (index .root.Values "ipsec-vpn-server" "vpn" "psk") | b64enc }} + + + + PayloadType + com.apple.vpn.managed + + PayloadVersion + 1 + + OnDemandEnabled + 1 + + OnDemandRules + + + InterfaceTypeMatch + WiFi + + SSIDMatch + + {{- range .root.Values.trusted_ssids }} + {{- . -}} + {{- end}} + + + Action + Disconnect + + + InterfaceTypeMatch + WiFi + + Action + Connect + + + + Action + Disconnect + + + + OverridePrimary + + + IPv4 + + OverridePrimary + 1 + + + +{{- end }} diff --git a/values.yaml b/values.yaml index ef3f6cd..0406ff8 100644 --- a/values.yaml +++ b/values.yaml @@ -1,6 +1,10 @@ fullnameOverride: &global-fullnameOverride vpn-ios-profile namespace: &global-namespace vpn +trusted_ssids: + - myhome-network + - corp-network + # values of dependency chart ipsec-vpn-server ipsec-vpn-server: # Overwrite VPN configuration of ipsec-vpn-server chart From 8defdea08685ff8522e6539a131b72c8c9a04032 Mon Sep 17 00:00:00 2001 
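Review bot: The first `OnDemandRules` entry in `vpn.wifi` disconnects the VPN on any Wi-Fi network whose name appears in `trusted_ssids`, and a network name is not an authenticated property, so the rule trusts whatever advertises that name. The defaults added to values.yaml (`myhome-network`, `corp-network`) are generic and ship in every generated profile unless the operator overrides them. I would document the limitation above the key, e.g. `# SSIDs are matched by name only; list only networks you accept using without the VPN`. Consider an empty default with the SSID rule rendered only when the list is non-empty. The template's header comment should state the same limitation.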
From: Marco Date: Sun, 1 May 2022 19:32:26 +0200 Subject: [PATCH 059/291] feat: add imagePullPolicy Add ability to specify the imagePullPolicy for the vpn-server container. Default is Always because the image only uses the latest tag - otherwise the image would not be updated. --- Chart.yaml | 2 +- templates/deployment.yaml | 1 + values.yaml | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index a128b73..4bc0247 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -11,7 +11,7 @@ sources: type: application -version: 1.1.1 +version: 1.1.2 # hwdsl2/docker-ipsec-vpn-server does not provide versioning # see: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/98 diff --git a/templates/deployment.yaml b/templates/deployment.yaml index 3af1a9a..35d5899 100644 --- a/templates/deployment.yaml +++ b/templates/deployment.yaml @@ -41,6 +41,7 @@ spec: containers: - name: vpn-server image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} securityContext: privileged: true ports: diff --git a/values.yaml b/values.yaml index 1366938..2d7ef9a 100644 --- a/values.yaml +++ b/values.yaml @@ -6,6 +6,7 @@ namespace: vpn image: repository: hwdsl2/ipsec-vpn-server tag: latest + pullPolicy: Always sealed_secrets: false From c77c9be35504811aa6b779a07410b2b5bc77f677 Mon Sep 17 00:00:00 2001 From: Marco Date: Sun, 1 May 2022 19:37:23 +0200 Subject: [PATCH 060/291] feat: update dep ipsec-vpn-server v1.1.2 this will change to use imagePullPolicy always with the vpn-server container --- Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index dffd350..76119ed 100644 --- a/Chart.yaml +++ b/Chart.yaml 
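Review bot: With `tag: latest` and the new default `pullPolicy: Always`, every pod start pulls whatever `hwdsl2/ipsec-vpn-server:latest` resolves to at that moment, into a container that runs with `privileged: true` (context line of the deployment.yaml hunk). The mutable upstream tag is then the only control over what executes with those privileges. Upstream publishes no versions (per the Chart.yaml comment), so an optional digest pin would give operators a reviewable reference, e.g. `image: "{{ .Values.image.repository }}@{{ .Values.image.digest }}"` when `image.digest` is set. The templated scalar should also be quoted: `imagePullPolicy: {{ .Values.image.pullPolicy | quote }}`. The container spec continues outside the hunk.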
@@ -10,13 +10,13 @@ keywords: type: application -version: 0.2.2 +version: 0.2.1 appVersion: "latest" dependencies: - name: ipsec-vpn-server - version: 1.1.1 + version: 1.1.2 repository: "https://helm.task.media/" icon: https://media.task.media/images/logo.png From c004dcfd57fa68d4bf1ea5d1ce68e36c97ab29aa Mon Sep 17 00:00:00 2001 From: Marco Date: Sun, 1 May 2022 19:39:23 +0200 Subject: [PATCH 061/291] bug: update chart version to v0.2.3 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 76119ed..d50f074 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -10,7 +10,7 @@ keywords: type: application -version: 0.2.1 +version: 0.2.3 appVersion: "latest" From d3b582ad70f5ab9a06f490f9d08ddd4430d05cf9 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Tue, 3 May 2022 13:00:15 +0200 Subject: [PATCH 062/291] feat(ns): remove namespace namespace should not be configured via values - it should automatically select the current namespace --- templates/configmap.yaml | 1 - templates/secret-sealed.yaml | 1 - templates/secret.yaml | 1 - values.yaml | 2 -- 4 files changed, 5 deletions(-) diff --git a/templates/configmap.yaml b/templates/configmap.yaml index b383b46..3ed689a 100644 --- a/templates/configmap.yaml +++ b/templates/configmap.yaml @@ -2,7 +2,6 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ include "ipsec-vpn-server.fullname" . }}-vpnscript - namespace: {{ .Values.namespace }} data: create-env.sh: |- #!/usr/local/bin/bash diff --git a/templates/secret-sealed.yaml b/templates/secret-sealed.yaml index a9bad48..2c11f95 100644 --- a/templates/secret-sealed.yaml +++ b/templates/secret-sealed.yaml @@ -3,7 +3,6 @@ apiVersion: bitnami.com/v1alpha1 kind: SealedSecret metadata: name: {{ include "ipsec-vpn-server.fullname" . }}-vpnconfig - namespace: {{ .Values.namespace }} spec: encryptedData: psk: {{ .Values.vpn.psk }} diff --git a/templates/secret.yaml b/templates/secret.yaml index 8ffa728..2bc0f3d 100644 
--- a/templates/secret.yaml +++ b/templates/secret.yaml @@ -3,7 +3,6 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "ipsec-vpn-server.fullname" . }}-vpnconfig - namespace: {{ .Values.namespace }} data: psk: {{ .Values.vpn.psk | b64enc }} {{- range .Values.users }} diff --git a/values.yaml b/values.yaml index 2d7ef9a..e6ac1b2 100644 --- a/values.yaml +++ b/values.yaml @@ -1,8 +1,6 @@ # recommended to overwrite name when using sealed-secrets fullnameOverride: vpn -namespace: vpn - image: repository: hwdsl2/ipsec-vpn-server tag: latest From 2565a3a9138646c0ea9dc8e78b82900cac3060a0 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Tue, 3 May 2022 13:06:09 +0200 Subject: [PATCH 063/291] feat(ns): remove namespace namespace should not be configured via values - it should automatically select the current namespace --- templates/secret-ios-profile.yaml | 1 - values.yaml | 2 -- 2 files changed, 3 deletions(-) diff --git a/templates/secret-ios-profile.yaml b/templates/secret-ios-profile.yaml index 407c6e1..bfba679 100644 --- a/templates/secret-ios-profile.yaml +++ b/templates/secret-ios-profile.yaml @@ -3,7 +3,6 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "vpn-ios-profile.fullname" . }}-ios-profile - namespace: {{ .Values.namespace }} stringData: {{- range (index .Values "ipsec-vpn-server" "users") }} vpn-{{ .username }}.mobileconfig: |- diff --git a/values.yaml b/values.yaml index 0406ff8..0cf92e8 100644 --- a/values.yaml +++ b/values.yaml @@ -1,5 +1,4 @@ fullnameOverride: &global-fullnameOverride vpn-ios-profile -namespace: &global-namespace vpn trusted_ssids: - myhome-network @@ -10,7 +9,6 @@ ipsec-vpn-server: # Overwrite VPN configuration of ipsec-vpn-server chart # recommended to overwrite name when using sealed-secrets fullnameOverride: *global-fullnameOverride - namespace: *global-namespace vpn: dns_name: vpn.example.com From 967dccae92accaad1733eb4f7f5314359284fa8d Mon Sep 17 00:00:00 2001 
From: Marco Lecheler Date: Tue, 3 May 2022 16:35:30 +0200 Subject: [PATCH 064/291] bug(release): update chart version --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 4bc0247..cf8e28d 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -11,7 +11,7 @@ sources: type: application -version: 1.1.2 +version: 1.1.4 # hwdsl2/docker-ipsec-vpn-server does not provide versioning # see: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/98 From 9d571b938815831bf00c41ce346462122f03fa14 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Tue, 3 May 2022 16:47:49 +0200 Subject: [PATCH 065/291] feat(ns): update dep ipsec-vpn-server to v1.1.4 new version does not require namespace definition in values.yaml --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index d50f074..66065a2 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -16,7 +16,7 @@ appVersion: "latest" dependencies: - name: ipsec-vpn-server - version: 1.1.2 + version: 1.1.4 repository: "https://helm.task.media/" icon: https://media.task.media/images/logo.png From 786a4d68859d37a5d261447aa3151e5d2216c16e Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Tue, 3 May 2022 18:10:50 +0200 Subject: [PATCH 066/291] feat(test): test mobileconfig file Adding a test to compare a pregenerated mobileconfig file with the generated one from default values. --- templates/tests/test-connection.yaml | 45 +++++ test/vpn-vpn.mobileconfig | 249 +++++++++++++++++++++++++++ 2 files changed, 294 insertions(+) create mode 100644 templates/tests/test-connection.yaml create mode 100644 test/vpn-vpn.mobileconfig diff --git a/templates/tests/test-connection.yaml b/templates/tests/test-connection.yaml new file mode 100644 index 0000000..48383a5 --- /dev/null +++ b/templates/tests/test-connection.yaml 
@@ -0,0 +1,45 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "vpn-ios-profile.fullname" . }}-test-connection" + labels: + {{- include "vpn-ios-profile.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: compare-mobileconfig + image: bash:alpine3.15 + command: + - /bin/sh + - -c + - | + # install full version of diff (busybox is not enought) + apk update + apk add diffutils + + expected_file="/test_expected/vpn-vpn.mobileconfig" + actual_file="/test/vpn-{{ print (index .Values "ipsec-vpn-server" "users" 0 "username") }}.mobileconfig" + + # ensure path is present + mkdir -p $(dirname $expected_file) + + cat < $expected_file + {{ .Files.Get "test/vpn-vpn.mobileconfig" | nindent 10 }} + EOF + + diff \ + --ignore-all-space \ + --ignore-blank-lines \ + $expected_file \ + $actual_file + + volumeMounts: + - name: ios-profile + mountPath: /test + restartPolicy: Never + + volumes: + - name: ios-profile + secret: + secretName: {{ include "vpn-ios-profile.fullname" . }}-ios-profile diff --git a/test/vpn-vpn.mobileconfig b/test/vpn-vpn.mobileconfig new file mode 100644 index 0000000..1fc6a25 --- /dev/null +++ b/test/vpn-vpn.mobileconfig 
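Review bot: The `diff` call in the test pod prints every differing line of the mounted profile, and that file comes from the `-ios-profile` Secret holding the XAuth password and the base64 pre-shared key. On any release installed with non-default values the comparison against the pregenerated fixture fails, and those lines end up in the pod log, readable by anyone who can read pod logs in the namespace. Report only the result instead: `diff --brief --ignore-all-space --ignore-blank-lines "$expected_file" "$actual_file"`. The pod also runs `apk update` and `apk add diffutils` at test time, so the test depends on network access and on unpinned packages. An image that already contains the tool would remove that dependency.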
@@ -0,0 +1,249 @@ + + + + + ConsentText + + default + iOS Profile vpn@vpn.example.com + + HasRemovalPasscode + + PayloadContent + + + UserDefinedName + vpn.example.com always + + PayloadDisplayName + vpn.example.com always + + PayloadIdentifier + vpn.example.com.vpn.always + + PayloadUUID + 7A48801E2EE20A88BE29C703D8AB15EEB5A1B0C7 + + VPNType + IPSec + + IPSec + + RemoteAddress + vpn.example.com + + AuthenticationMethod + SharedSecret + + XAuthName + vpn + + XAuthPassword + password + + XAuthEnabled + 1 + + LocalIdentifierType + KeyID + + SharedSecret + + eW91cl9wcmVzaGFyZWRrZXk= + + + + PayloadType + com.apple.vpn.managed + + PayloadVersion + 1 + + OnDemandEnabled + 1 + + OnDemandRules + + + Action + Connect + + + + OverridePrimary + + + IPv4 + + OverridePrimary + 1 + + + + + UserDefinedName + vpn.example.com manual + + PayloadDisplayName + vpn.example.com manual + + PayloadIdentifier + vpn.example.com.vpn.manual + + PayloadUUID + AC75AC649AA2452990D5C3CFFB817044B9855E79 + + VPNType + IPSec + + IPSec + + RemoteAddress + vpn.example.com + + AuthenticationMethod + SharedSecret + + XAuthName + vpn + + XAuthPassword + password + + XAuthEnabled + 1 + + LocalIdentifierType + KeyID + + SharedSecret + + eW91cl9wcmVzaGFyZWRrZXk= + + + + PayloadType + com.apple.vpn.managed + + PayloadVersion + 1 + + OverridePrimary + + + IPv4 + + OverridePrimary + 1 + + + + + UserDefinedName + vpn.example.com Wi-Fi + + PayloadDisplayName + vpn.example.com Wi-Fi + + PayloadIdentifier + vpn.example.com.vpn.wifi + + PayloadUUID + 1630A29621C0D601FD70F4D97BBEC1BBEDA3D0E7 + + VPNType + IPSec + + IPSec + + RemoteAddress + vpn.example.com + + AuthenticationMethod + SharedSecret + + XAuthName + vpn + + XAuthPassword + password + + XAuthEnabled + 1 + + LocalIdentifierType + KeyID + + SharedSecret + + eW91cl9wcmVzaGFyZWRrZXk= + + + + PayloadType + com.apple.vpn.managed + + PayloadVersion + 1 + + OnDemandEnabled + 1 + + OnDemandRules + + + InterfaceTypeMatch + WiFi + + SSIDMatch + + myhome-network + 
corp-network + + + Action + Disconnect + + + InterfaceTypeMatch + WiFi + + Action + Connect + + + + Action + Disconnect + + + + OverridePrimary + + + IPv4 + + OverridePrimary + 1 + + + + + PayloadDisplayName + iOS Profile to vpn.example.com with user vpn + PayloadDescription + This iOS Profile provides VPN connection to vpn.example.com with the user vpn + PayloadIdentifier + vpn.example.com.vpn.ios-profile + PayloadOrganization + vpn.example.com + PayloadRemovalDisallowed + + PayloadType + Configuration + PayloadUUID + 96EA10AB95F653AF53DD78FBCA737E4ED68DFE56 + PayloadVersion + 1 + + From b719ff4189bace4971d8e98b4db4cef5fff6e9ab Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Tue, 3 May 2022 18:20:08 +0200 Subject: [PATCH 067/291] feat(ci/cd): add test workflow --- .github/workflows/test.yaml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 .github/workflows/test.yaml diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml new file mode 100644 index 0000000..c0ffde4 --- /dev/null +++ b/.github/workflows/test.yaml @@ -0,0 +1,33 @@ +name: Test Helm chart + +on: + push: + branches: + - "*" + +jobs: + test: + name: Test Helm chart + runs-on: ubuntu-latest + + steps: + - name: checkout repository + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: set up Helm + uses: action/helm@main + + - name: setup python + uses: actions/setup-python@v2 + with: + python-version: 3.7 + + - name: set up chart-testing + uses: helm/chart-testing-action@v2.2.1 + + - name: run chart-testing (lint) + run: | + ct lint \ + --charts ./ From e916688a05be7a330fe99a1c98639afbcfd9529d Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Tue, 3 May 2022 18:24:55 +0200 Subject: [PATCH 068/291] fix(ci/cd): use correct Helm action --- .github/workflows/test.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index c0ffde4..e7003dd 100644 
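Review bot: The new `.github/workflows/test.yaml` declares no `permissions:` block, so the job runs with the repository's default `GITHUB_TOKEN` scope although linting only needs read access. Add `permissions:` with `contents: read` at workflow level. The same applies to `.github/workflows/release-drafter.yaml` added in patch 073, which should declare the write scope it needs rather than inherit the default. The steps also reference actions by mutable refs (`action/helm@main`, `actions/checkout@v3`, `helm/chart-testing-action@v2.2.1`), and a branch ref in particular can change underneath the workflow. Pin third-party actions to a full commit SHA with the tag kept as a comment, e.g. `uses: helm/chart-testing-action@<full-commit-sha>  # v2.2.1`.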
--- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -17,7 +17,9 @@ jobs: fetch-depth: 0 - name: set up Helm - uses: action/helm@main + uses: azure/setup-helm@v1 + with: + version: v3.8.1 - name: setup python uses: actions/setup-python@v2 From f25067c8a95768d17cea06d38b864fdb3c613753 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Tue, 3 May 2022 18:27:17 +0200 Subject: [PATCH 069/291] fix(chart): add maintainer to charts --- Chart.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Chart.yaml b/Chart.yaml index 66065a2..a528805 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -8,6 +8,10 @@ keywords: - ios - mobileconfig +maintainers: + - name: taskmedia + url: https://task.media + type: application version: 0.2.3 From dde91d3442b0882f479aaac115f84891d485a27d Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Tue, 3 May 2022 18:37:09 +0200 Subject: [PATCH 070/291] fix(ci/cd): trigger test pipeline also on PR as in #6 described the PR did not recive any testing from the workflow --- .github/workflows/test.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index e7003dd..425ec24 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -1,9 +1,11 @@ name: Test Helm chart on: + pull_request: + push: branches: - - "*" + - "main" jobs: test: From a06e53fe1bd92a3722dbab89197cb3574271193b Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Tue, 3 May 2022 19:00:25 +0200 Subject: [PATCH 071/291] feat(ci/cd): add test installation in pipeline To test the installation of the Helm chart (not only lint the chart) this will create a test cluster and test the installation. --- .github/workflows/test.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 425ec24..090804f 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml 
@@ -35,3 +35,11 @@ jobs: run: | ct lint \ --charts ./ + + - name: create kind cluster + uses: helm/kind-action@v1.2.0 + + - name: run chart-testing (install) + run: | + ct install \ + --charts ./ From b6accac5c6fbeeb745a46b9a4d7f8f5c9c668787 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Tue, 3 May 2022 19:12:03 +0200 Subject: [PATCH 072/291] bug(ci/cd): setup helm repo for chart dependencies When a chart depends on other charts the repo of these charts has to be already available for Helm in the repo list. This step will manually add the repo to the list (this step should be automated later). --- .github/workflows/test.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 090804f..859084f 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -39,6 +39,10 @@ jobs: - name: create kind cluster uses: helm/kind-action@v1.2.0 + - name: setup chart dependency repository + run: | + helm repo add taskmedia https://helm.task.media/ + - name: run chart-testing (install) run: | ct install \ From 608f44663771d42631b1d9ea67f42434bf00cddd Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Tue, 3 May 2022 19:46:11 +0200 Subject: [PATCH 073/291] feat(ci/cd): add release-drafter --- .github/release-drafter.yaml | 39 ++++++++++++++++++++++++++ .github/workflows/release-drafter.yaml | 15 ++++++++++ 2 files changed, 54 insertions(+) create mode 100644 .github/release-drafter.yaml create mode 100644 .github/workflows/release-drafter.yaml diff --git a/.github/release-drafter.yaml b/.github/release-drafter.yaml new file mode 100644 index 0000000..2a6a9ec --- /dev/null +++ b/.github/release-drafter.yaml 
@@ -0,0 +1,39 @@ +name-template: "v$RESOLVED_VERSION" +tag-template: "v$RESOLVED_VERSION" +categories: + - title: "🔥 Enhancements" + labels: + - "enhancement" + - "feature" + - title: "🐛 Bug Fixes" + labels: + - "fix" + - "bug" + - title: "📓 Documentation" + labels: + - "documentation" + - title: "🛂 Test" + labels: + - "test" + - title: "🐋 Docker" + labels: + - "docker" +exclude-labels: + - "skip-changelog" +change-template: "- $TITLE @$AUTHOR (#$NUMBER)" +change-title-escapes: '\<*_&' # You can add # and @ to disable mentions, and add ` to disable code blocks. +version-resolver: + major: + labels: + - "major" + minor: + labels: + - "minor" + patch: + labels: + - "patch" + default: patch +template: | + ## Changes since - $PREVIOUS_TAG + + $CHANGES diff --git a/.github/workflows/release-drafter.yaml b/.github/workflows/release-drafter.yaml new file mode 100644 index 0000000..6c09ced --- /dev/null +++ b/.github/workflows/release-drafter.yaml @@ -0,0 +1,15 @@ +name: release drafter + +on: + workflow_dispatch: + push: + branches: + - main + +jobs: + update_release_draft: + runs-on: ubuntu-latest + steps: + - uses: release-drafter/release-drafter@v5 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 3f1b53e100ceb23eb4c9fc5bd05b920d621264f3 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Tue, 3 May 2022 19:53:27 +0200 Subject: [PATCH 074/291] bug(ci/cd): fix release-drafter config name used yaml instead of yml --- .github/{release-drafter.yaml => release-drafter.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/{release-drafter.yaml => release-drafter.yml} (100%) diff --git a/.github/release-drafter.yaml b/.github/release-drafter.yml similarity index 100% rename from .github/release-drafter.yaml rename to .github/release-drafter.yml From c3299457b4dd012d7c30d3d58c6c5f66ce669f59 Mon Sep 17 00:00:00 2001 
From: Marco Lecheler Date: Mon, 31 Oct 2022 14:10:56 +0100 Subject: [PATCH 075/291] chore(cicd): use azure-setup-helm action --- .github/workflows/release.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 128b655..9b91b0b 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -12,9 +12,9 @@ jobs: with: fetch-depth: 0 - - name: Install Helm - run: | - curl -L https://git.io/get_helm.sh | bash -s -- -v v3.7.1 + - uses: azure/setup-helm@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} - name: Create release binary run: | From 52d6175275358bc5a9c95421f91dd1ffe04b9701 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Mon, 31 Oct 2022 14:13:59 +0100 Subject: [PATCH 076/291] feat(cicd): add ghcr Helm push --- .github/workflows/release.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 9b91b0b..c17acf0 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -19,6 +19,12 @@ jobs: - name: Create release binary run: | helm package ./ --destination release/ + + - name: login ghcr registry + run: echo '${{ secrets.GITHUB_TOKEN }}' | docker login ghcr.io -u taskmedia --password-stdin + + - name: push Helm chart to ghcr + run: helm push ./release/*tgz oci://ghcr.io/taskmedia - name: Update Index env: From 31403946a88d41e3aa4c5ea0b6e633c4ae663d05 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Mon, 31 Oct 2022 14:40:33 +0100 Subject: [PATCH 077/291] feat(cicd): add ghcr Helm push --- .github/workflows/release.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 53d5829..c7273ac 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
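Review bot: The `login ghcr registry` step expands `${{ secrets.GITHUB_TOKEN }}` directly into the script text, so the token is written into the generated shell script, and a quote character in any secret used this way would change the command. Pass it through the step environment instead: set `env:` with `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` on the step and run `echo "$GITHUB_TOKEN" | docker login ghcr.io -u taskmedia --password-stdin`. The same pattern recurs in patch 077 and in the Docker Hub login added in patch 081 (`DOCKER_PASSWORD`, `DOCKER_USERNAME`). Pushing to ghcr.io with `GITHUB_TOKEN` needs `packages: write`, which is better declared in an explicit `permissions:` block than inherited from the repository default. The job definition starts outside the hunk.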
@@ -18,11 +18,17 @@ jobs: - name: Create release binary run: | - helm dependency update + helm dependency update - name: Create release binary run: | helm package ./ --destination release/ + + - name: login ghcr registry + run: echo '${{ secrets.GITHUB_TOKEN }}' | docker login ghcr.io -u taskmedia --password-stdin + + - name: push Helm chart to ghcr + run: helm push ./release/*tgz oci://ghcr.io/taskmedia - name: Update Index env: From 2b7ff6c3eba365663aebe14e795ed34a9d95354f Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Mon, 31 Oct 2022 14:41:39 +0100 Subject: [PATCH 078/291] chore(cicd): use azure-setup-helm action --- .github/workflows/release.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 53d5829..3e07cdc 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -12,9 +12,9 @@ jobs: with: fetch-depth: 0 - - name: Install Helm - run: | - curl -L https://git.io/get_helm.sh | bash -s -- -v v3.7.1 + - uses: azure/setup-helm@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} - name: Create release binary run: | From bb4e509dc8c7e553ea83996f329f150f888f301f Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Mon, 31 Oct 2022 15:10:31 +0100 Subject: [PATCH 079/291] chore(doc): add ghcr comment --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index e630a3d..b7dbe0e 100644 --- a/README.md +++ b/README.md @@ -37,3 +37,9 @@ $ vi ./my-values.yaml $ helm upgrade --install vpn taskmedia/vpn-ios-profile --values ./my-values.yaml ``` + +You can also use OCI Helm charts from [ghcr.io](https://ghcr.io/): + +```bash +$ helm upgrade --install vpn oci://ghcr.io/taskmedia/vpn-ios-profile +``` From 850b76ee7bf0e40d080f65a49e8e2ce2cd5adeb8 Mon Sep 17 00:00:00 2001 
From: Marco Lecheler Date: Mon, 31 Oct 2022 15:10:45 +0100 Subject: [PATCH 080/291] chore(doc): add ghcr OCI installation --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 978b5c7..f5707e0 100644 --- a/README.md +++ b/README.md @@ -31,6 +31,12 @@ $ vi ./my-values.yaml $ helm upgrade --install vpn taskmedia/ipsec-vpn-server --values ./my-values.yaml ``` +You can also use OCI Helm charts from [ghcr.io](https://ghcr.io/): + +```bash +$ helm upgrade --install vpn oci://ghcr.io/taskmedia/ipsec-vpn-server +``` + ## Using sealed-secrets To ensure your passwords can be committed to the repository (GitOps) without security issues you can use the integrated [sealed-secrets](https://github.com/bitnami-labs/sealed-secrets) approach. From 434ec497ba665b4824db0d1470f1353cffac31d3 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Wed, 2 Nov 2022 10:07:09 +0100 Subject: [PATCH 081/291] feat(cicd): add dockerhub Helm push --- .github/workflows/release.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index c17acf0..43ed9b2 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -25,6 +25,12 @@ jobs: - name: push Helm chart to ghcr run: helm push ./release/*tgz oci://ghcr.io/taskmedia + + - name: login dockerhub registry + run: echo '${{ secrets.DOCKER_PASSWORD }}' | docker login -u '${{ secrets.DOCKER_USERNAME }}' --password-stdin + + - name: push Helm chart to dockerhub + run: helm push ./release/*tgz oci://registry-1.docker.io/taskmedia - name: Update Index env: From 417f2e0626224a92189a02df860629ee9b9a4029 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Wed, 2 Nov 2022 10:09:50 +0100 Subject: [PATCH 082/291] chore(doc): add dockerhub registry (#5) --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f5707e0..f324263 100644 --- a/README.md +++ b/README.md 
@@ -31,10 +31,11 @@ $ vi ./my-values.yaml $ helm upgrade --install vpn taskmedia/ipsec-vpn-server --values ./my-values.yaml ``` -You can also use OCI Helm charts from [ghcr.io](https://ghcr.io/): +You can also use OCI Helm charts from [ghcr.io](https://ghcr.io/) or Docker Hub: ```bash $ helm upgrade --install vpn oci://ghcr.io/taskmedia/ipsec-vpn-server +$ helm upgrade --install vpn oci://registry-1.docker.io/taskmedia/ipsec-vpn-server ``` ## Using sealed-secrets From 81a7289011689e08f6945911c91511e52508ddd7 Mon Sep 17 00:00:00 2001 
From: Marco Lecheler Date: Fri, 6 Jan 2023 14:04:12 +0100 Subject: [PATCH 083/291] chore(test): add test workflow (#8) * chore(test): add test workflow * chore: move Helm chart to charts directory * fix: update release wf to new chart path * chore: format wf release * chore: add chart maintainer Also format Chart.yaml * fix: specify chart-dirs for ct install --- .github/workflows/release.yaml | 98 +++++++++---------- .github/workflows/test.yaml | 43 ++++++++ .../ipsec-vpn-server/Chart.yaml | 12 ++- .../ipsec-vpn-server/templates}/NOTES.txt | 0 .../ipsec-vpn-server/templates}/_helpers.tpl | 0 .../templates}/configmap.yaml | 0 .../templates}/deployment.yaml | 0 .../ingress/traefik/ingressrouteudp.yaml | 0 .../templates}/secret-sealed.yaml | 0 .../ipsec-vpn-server/templates}/secret.yaml | 0 .../ipsec-vpn-server/templates}/service.yaml | 0 .../ipsec-vpn-server/values.yaml | 0 12 files changed, 100 insertions(+), 53 deletions(-) create mode 100644 .github/workflows/test.yaml rename Chart.yaml => charts/ipsec-vpn-server/Chart.yaml (75%) rename {templates => charts/ipsec-vpn-server/templates}/NOTES.txt (100%) rename {templates => charts/ipsec-vpn-server/templates}/_helpers.tpl (100%) rename {templates => charts/ipsec-vpn-server/templates}/configmap.yaml (100%) rename {templates => charts/ipsec-vpn-server/templates}/deployment.yaml (100%) rename {templates => charts/ipsec-vpn-server/templates}/ingress/traefik/ingressrouteudp.yaml (100%) rename {templates => charts/ipsec-vpn-server/templates}/secret-sealed.yaml (100%) rename {templates => charts/ipsec-vpn-server/templates}/secret.yaml (100%) rename {templates => charts/ipsec-vpn-server/templates}/service.yaml (100%) rename values.yaml => charts/ipsec-vpn-server/values.yaml (100%) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 43ed9b2..2eefd25 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
@@ -7,52 +7,52 @@ jobs: runs-on: ubuntu-latest if: github.repository == 'taskmedia/helm_ipsec-vpn-server' steps: - - name: Checkout - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - - uses: azure/setup-helm@v3 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - - name: Create release binary - run: | - helm package ./ --destination release/ - - - name: login ghcr registry - run: echo '${{ secrets.GITHUB_TOKEN }}' | docker login ghcr.io -u taskmedia --password-stdin - - - name: push Helm chart to ghcr - run: helm push ./release/*tgz oci://ghcr.io/taskmedia - - - name: login dockerhub registry - run: echo '${{ secrets.DOCKER_PASSWORD }}' | docker login -u '${{ secrets.DOCKER_USERNAME }}' --password-stdin - - - name: push Helm chart to dockerhub - run: helm push ./release/*tgz oci://registry-1.docker.io/taskmedia - - - name: Update Index - env: - GH_PAGES_URL: github.com/taskmedia/helm - REPO_NAME: ipsec-vpn-server - HELM_URL: https://helm.task.media/ - run: | - rm -rf ./gh-pages.zip - rm -rf ./repo - curl -sSLO https://${GH_PAGES_URL}/archive/gh-pages.zip - unzip -o ./gh-pages.zip -d ./repo/ - mv -f ./repo/helm-gh-pages/* ./repo - rm -rf ./repo/helm-gh-pages/ - cp ./release/*tgz ./repo/${REPO_NAME}/ - cp ./README.md ./repo/${REPO_NAME}/index.md - helm repo index --merge ./repo/index.yaml --url ${HELM_URL} ./repo - - - name: Deploy - uses: JamesIves/github-pages-deploy-action@v4.2.5 - with: - repository-name: taskmedia/helm - branch: gh-pages - ssh-key: ${{ secrets.DEPLOY_KEY_BLOG }} - folder: repo - clean: false + - name: Checkout + uses: actions/checkout@v2 + with: + fetch-depth: 0 + + - uses: azure/setup-helm@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Create release binary + run: | + helm package charts/ipsec-vpn-server --destination release/ + + - name: login ghcr registry + run: echo '${{ secrets.GITHUB_TOKEN }}' | docker login ghcr.io -u taskmedia --password-stdin + + - name: push Helm chart to ghcr + run: helm push ./release/*tgz 
oci://ghcr.io/taskmedia + + - name: login dockerhub registry + run: echo '${{ secrets.DOCKER_PASSWORD }}' | docker login -u '${{ secrets.DOCKER_USERNAME }}' --password-stdin + + - name: push Helm chart to dockerhub + run: helm push ./release/*tgz oci://registry-1.docker.io/taskmedia + + - name: Update Index + env: + GH_PAGES_URL: github.com/taskmedia/helm + REPO_NAME: ipsec-vpn-server + HELM_URL: https://helm.task.media/ + run: | + rm -rf ./gh-pages.zip + rm -rf ./repo + curl -sSLO https://${GH_PAGES_URL}/archive/gh-pages.zip + unzip -o ./gh-pages.zip -d ./repo/ + mv -f ./repo/helm-gh-pages/* ./repo + rm -rf ./repo/helm-gh-pages/ + cp ./release/*tgz ./repo/${REPO_NAME}/ + cp ./README.md ./repo/${REPO_NAME}/index.md + helm repo index --merge ./repo/index.yaml --url ${HELM_URL} ./repo + + - name: Deploy + uses: JamesIves/github-pages-deploy-action@v4.2.5 + with: + repository-name: taskmedia/helm + branch: gh-pages + ssh-key: ${{ secrets.DEPLOY_KEY_BLOG }} + folder: repo + clean: false diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml new file mode 100644 index 0000000..6b62ab2 --- /dev/null +++ b/.github/workflows/test.yaml 
@@ -0,0 +1,43 @@ +name: Lint and Test Charts + +on: pull_request + +jobs: + lint-test: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Set up Helm + uses: azure/setup-helm@v3 + with: + version: v3.10.0 + + - uses: actions/setup-python@v4 + with: + python-version: '3.9' + check-latest: true + + - name: Set up chart-testing + uses: helm/chart-testing-action@v2.3.1 + + - name: Run chart-testing (list-changed) + id: list-changed + run: | + changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) + if [[ -n "$changed" ]]; then + echo "::set-output name=changed::true" + fi + + - name: Run chart-testing (lint) + run: ct lint --target-branch ${{ github.event.repository.default_branch }} + + - name: Create kind cluster + uses: helm/kind-action@v1.4.0 + if: steps.list-changed.outputs.changed == 'true' + + - name: Run chart-testing (install) + run: ct install --all --chart-dirs charts diff --git a/Chart.yaml b/charts/ipsec-vpn-server/Chart.yaml similarity index 75% rename from Chart.yaml rename to charts/ipsec-vpn-server/Chart.yaml index cf8e28d..58162db 100644 --- a/Chart.yaml +++ b/charts/ipsec-vpn-server/Chart.yaml @@ -1,13 +1,17 @@ apiVersion: v2 name: ipsec-vpn-server description: Deploy IPsec VPN server inside K8s with optional sealed-secrets + home: https://helm.task.media/ipsec-vpn-server keywords: - - vpn - - ipsec - - traefik +- vpn +- ipsec +- traefik +maintainers: +- name: fty4 + url: https://github.com/fty4 sources: - - https://github.com/hwdsl2/docker-ipsec-vpn-server +- https://github.com/hwdsl2/docker-ipsec-vpn-server type: application diff --git a/templates/NOTES.txt b/charts/ipsec-vpn-server/templates/NOTES.txt similarity index 100% rename from templates/NOTES.txt rename to charts/ipsec-vpn-server/templates/NOTES.txt 
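Review bot: The new workflow declares no `permissions:` block, so the job's GITHUB_TOKEN gets whatever the repository default grants. The job only lints and installs charts on pull requests, so a top-level `permissions:` with `contents: read` would hold it to least privilege. `helm/chart-testing-action@v2.3.1` and `helm/kind-action@v1.4.0` are referenced by mutable tag; pinning each to a full commit SHA, with the tag kept as a trailing comment, stops a retagged release from changing what runs here. In the `list-changed` step, `${{ github.event.repository.default_branch }}` is expanded into the script text before bash runs; passing it through `env:` and using a quoted `"$TARGET_BRANCH"` is the more defensive form.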
diff --git a/templates/_helpers.tpl b/charts/ipsec-vpn-server/templates/_helpers.tpl similarity index 100% rename from templates/_helpers.tpl rename to charts/ipsec-vpn-server/templates/_helpers.tpl diff --git a/templates/configmap.yaml b/charts/ipsec-vpn-server/templates/configmap.yaml similarity index 100% rename from templates/configmap.yaml rename to charts/ipsec-vpn-server/templates/configmap.yaml diff --git a/templates/deployment.yaml b/charts/ipsec-vpn-server/templates/deployment.yaml similarity index 100% rename from templates/deployment.yaml rename to charts/ipsec-vpn-server/templates/deployment.yaml diff --git a/templates/ingress/traefik/ingressrouteudp.yaml b/charts/ipsec-vpn-server/templates/ingress/traefik/ingressrouteudp.yaml similarity index 100% rename from templates/ingress/traefik/ingressrouteudp.yaml rename to charts/ipsec-vpn-server/templates/ingress/traefik/ingressrouteudp.yaml diff --git a/templates/secret-sealed.yaml b/charts/ipsec-vpn-server/templates/secret-sealed.yaml similarity index 100% rename from templates/secret-sealed.yaml rename to charts/ipsec-vpn-server/templates/secret-sealed.yaml diff --git a/templates/secret.yaml b/charts/ipsec-vpn-server/templates/secret.yaml similarity index 100% rename from templates/secret.yaml rename to charts/ipsec-vpn-server/templates/secret.yaml diff --git a/templates/service.yaml b/charts/ipsec-vpn-server/templates/service.yaml similarity index 100% rename from templates/service.yaml rename to charts/ipsec-vpn-server/templates/service.yaml diff --git a/values.yaml b/charts/ipsec-vpn-server/values.yaml similarity index 100% rename from values.yaml rename to charts/ipsec-vpn-server/values.yaml From a0476e22798b198c882e591361af9830edd3030f Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Fri, 6 Jan 2023 14:36:51 +0100 Subject: [PATCH 084/291] fix: only run `ct install` if chart changed (#10) --- .github/workflows/test.yaml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 6b62ab2..086d00d 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -40,4 +40,5 @@ jobs: if: steps.list-changed.outputs.changed == 'true' - name: Run chart-testing (install) + if: steps.list-changed.outputs.changed == 'true' run: ct install --all --chart-dirs charts From 927186edf690f9c0f08ba762c9c71e02dc50d5f1 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Fri, 6 Jan 2023 14:38:28 +0100 Subject: [PATCH 085/291] feat: auto update Helm chart version (#9) * feat: update and commit version bump * feat: move release and update latest tag --- .github/workflows/release.yaml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 2eefd25..7496400 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -16,6 +16,30 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} + - name: bump release version (Chart.yaml) + env: + TAG_NAME: ${{ github.event.release.tag_name }} + run: yq -i ".version = \"$(echo ${TAG_NAME:1})\"" charts/ipsec-vpn-server/Chart.yaml + + - name: commit version bump + uses: stefanzweifel/git-auto-commit-action@v4 + with: + commit_message: "chore(release): update version to ${{ github.event.release.tag_name }}" + commit_options: "--no-verify" + file_pattern: charts/ipsec-vpn-server/Chart.yaml + + - name: move release tag + shell: bash + run: | + git tag --force ${{ github.event.release.tag_name }} HEAD + git push --force origin ${{ github.event.release.tag_name }} + + - name: update latest tag + shell: bash + run: | + git tag --force latest HEAD + git push --force origin latest + - name: Create release binary run: | helm package charts/ipsec-vpn-server --destination release/ From b9d11bfe6a6de99c4082c491a873e0fa84d259d8 Mon Sep 17 00:00:00 2001 
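Review bot: The `move release tag` step in `release.yaml` pastes `${{ github.event.release.tag_name }}` straight into the bash script, so the tag text is parsed as shell before git sees it. The `bump release version` step just above already routes it through `env: TAG_NAME`; reusing that here, with `git tag --force "$TAG_NAME" HEAD` and `git push --force origin "$TAG_NAME"`, keeps a tag name containing shell metacharacters inert. In the yq step, `${TAG_NAME:1}` is spliced into the yq expression unchecked, so a tag that is not of the expected `vX.Y.Z` shape ends up in `Chart.yaml` or breaks the expression; a format check before the bump would fail the release early. Force-moving an already published release tag, together with `commit_options: "--no-verify"`, means anyone who fetched the tag earlier holds a different commit from the one the chart is packaged from, which deserves a comment in the workflow.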
From: Marco Lecheler Date: Fri, 6 Jan 2023 14:51:31 +0100 Subject: [PATCH 086/291] fix: specify branch to push release wf commit (#11) --- .github/workflows/release.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 7496400..920cc1a 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -24,6 +24,7 @@ jobs: - name: commit version bump uses: stefanzweifel/git-auto-commit-action@v4 with: + branch: main commit_message: "chore(release): update version to ${{ github.event.release.tag_name }}" commit_options: "--no-verify" file_pattern: charts/ipsec-vpn-server/Chart.yaml From 696464376b808bbaab623f52c4052113f7682d44 Mon Sep 17 00:00:00 2001 From: fty4 Date: Fri, 6 Jan 2023 13:52:08 +0000 Subject: [PATCH 087/291] chore(release): update version to v1.2.2 --- charts/ipsec-vpn-server/Chart.yaml | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/charts/ipsec-vpn-server/Chart.yaml b/charts/ipsec-vpn-server/Chart.yaml index 58162db..b0c88c3 100644 --- a/charts/ipsec-vpn-server/Chart.yaml +++ b/charts/ipsec-vpn-server/Chart.yaml @@ -1,24 +1,19 @@ apiVersion: v2 name: ipsec-vpn-server description: Deploy IPsec VPN server inside K8s with optional sealed-secrets - home: https://helm.task.media/ipsec-vpn-server keywords: -- vpn -- ipsec -- traefik + - vpn + - ipsec + - traefik maintainers: -- name: fty4 - url: https://github.com/fty4 + - name: fty4 + url: https://github.com/fty4 sources: -- https://github.com/hwdsl2/docker-ipsec-vpn-server - + - https://github.com/hwdsl2/docker-ipsec-vpn-server type: application - -version: 1.1.4 - +version: 1.2.2 # hwdsl2/docker-ipsec-vpn-server does not provide versioning # see: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/98 appVersion: "latest" - icon: https://media.task.media/images/logo.png From 09126ae70c6fe60f896f3e0427ca3af468ab5781 Mon Sep 17 00:00:00 2001 
From: Marco Lecheler Date: Fri, 6 Jan 2023 15:11:48 +0100 Subject: [PATCH 088/291] chore: use GITHUB_OUTPUT than set-output (#12) --- .github/workflows/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 086d00d..c1785c1 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -29,7 +29,7 @@ jobs: run: | changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) if [[ -n "$changed" ]]; then - echo "::set-output name=changed::true" + echo "changed=true" >> $GITHUB_OUTPUT fi - name: Run chart-testing (lint) From 55658725cee459fefef49e50d80d0c07865f8c3b Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Fri, 6 Jan 2023 16:30:52 +0100 Subject: [PATCH 089/291] chore: only run lint if chart changed (#14) --- .github/workflows/test.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index c1785c1..6c42265 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -33,6 +33,7 @@ jobs: fi - name: Run chart-testing (lint) + if: steps.list-changed.outputs.changed == 'true' run: ct lint --target-branch ${{ github.event.repository.default_branch }} - name: Create kind cluster From d73b09712964fd4be3138127ccb6cd03b89905d9 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Fri, 6 Jan 2023 16:32:13 +0100 Subject: [PATCH 090/291] fix: skip version-increment check on testing (#15) --- .github/workflows/test.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 6c42265..e5774bb 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml 
@@ -34,7 +34,10 @@ jobs: - name: Run chart-testing (lint) if: steps.list-changed.outputs.changed == 'true' - run: ct lint --target-branch ${{ github.event.repository.default_branch }} + run: | + ct lint \ + --check-version-increment=false \ + --target-branch ${{ github.event.repository.default_branch }} - name: Create kind cluster uses: helm/kind-action@v1.4.0 From 12cfc8b14809800b7d9ed82b8dd18cb043b11ead Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Fri, 6 Jan 2023 16:36:04 +0100 Subject: [PATCH 091/291] docs: add GitHub sources of taskmedia (#13) --- charts/ipsec-vpn-server/Chart.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/ipsec-vpn-server/Chart.yaml b/charts/ipsec-vpn-server/Chart.yaml index b0c88c3..e9b18e4 100644 --- a/charts/ipsec-vpn-server/Chart.yaml +++ b/charts/ipsec-vpn-server/Chart.yaml @@ -11,6 +11,8 @@ maintainers: url: https://github.com/fty4 sources: - https://github.com/hwdsl2/docker-ipsec-vpn-server + - https://github.com/taskmedia/helm_ipsec-vpn-server + - https://github.com/taskmedia/helm type: application version: 1.2.2 # hwdsl2/docker-ipsec-vpn-server does not provide versioning From 8faf2ab67526d6b00cbeec9c18f90abe43d9b370 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sat, 1 Apr 2023 13:26:22 +0200 Subject: [PATCH 092/291] chore: add sources to chart --- Chart.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Chart.yaml b/Chart.yaml index a528805..45cdf69 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -11,6 +11,8 @@ keywords: maintainers: - name: taskmedia url: https://task.media +sources: + - https://github.com/taskmedia/helm_vpn-ios-profile type: application From acbb058b68802d9aa9941a7a6544baff778e08eb Mon Sep 17 00:00:00 2001 
From: Marco Lecheler Date: Wed, 20 Sep 2023 11:40:48 +0200 Subject: [PATCH 093/291] feat: add website for downloading iOS profiles --- templates/web/deployment.yaml | 36 +++++++++++++++++++++++++++++ templates/web/ingress.yaml | 22 ++++++++++++++++++ templates/web/middleware.yaml | 9 ++++++++ templates/web/secret-basicauth.yaml | 10 ++++++++ templates/web/service.yaml | 17 ++++++++++++++ values.yaml | 13 +++++++++++ 6 files changed, 107 insertions(+) create mode 100644 templates/web/deployment.yaml create mode 100644 templates/web/ingress.yaml create mode 100644 templates/web/middleware.yaml create mode 100644 templates/web/secret-basicauth.yaml create mode 100644 templates/web/service.yaml diff --git a/templates/web/deployment.yaml b/templates/web/deployment.yaml new file mode 100644 index 0000000..cbd31fe --- /dev/null +++ b/templates/web/deployment.yaml @@ -0,0 +1,36 @@ +{{- if .Values.web.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "vpn-ios-profile.fullname" . }}-web + labels: + {{- include "vpn-ios-profile.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "vpn-ios-profile.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "vpn-ios-profile.selectorLabels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 101 + containers: + - name: web + image: nginxinc/nginx-unprivileged + ports: + - name: http + containerPort: 8080 + protocol: TCP + volumeMounts: + - name: iosprofiles + mountPath: /usr/share/nginx/html + readOnly: true + volumes: + - name: iosprofiles + secret: + secretName: {{ include "vpn-ios-profile.fullname" . }}-ios-profile + # defaultMode: 0444 +{{- end }} diff --git a/templates/web/ingress.yaml b/templates/web/ingress.yaml new file mode 100644 index 0000000..49ef6ec --- /dev/null +++ b/templates/web/ingress.yaml 
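Review bot: In `templates/web/deployment.yaml`, `image: nginxinc/nginx-unprivileged` carries no tag or digest, so the pod that serves the mounted `-ios-profile` Secret runs whatever the default tag resolves to at pull time. Making it a value with a pinned default, e.g. `image: "{{ .Values.web.image.repository }}:{{ .Values.web.image.tag }}"` (proposed keys, not yet in `values.yaml`), or pinning by digest, keeps the served content and the server reproducible. The pod-level `securityContext` sets `runAsNonRoot` and `runAsUser: 101`, but the container has none of its own; `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}` fit a static file server. Selector and pod labels use only `vpn-ios-profile.selectorLabels`, so if another workload in the chart renders the same helper, the web Service would select its pods too; an extra `app.kubernetes.io/component: web` label on both would separate them.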
@@ -0,0 +1,22 @@ +{{- if .Values.web.ingressroute.enabled }} +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: {{ include "vpn-ios-profile.fullname" . }}-web +spec: + entryPoints: + - websecure + routes: + - kind: Rule + match: Host(`{{ .Values.web.ingressroute.host }}`) + {{- if and .Values.web.ingressroute.enabled (and .Values.web.ingressroute.username .Values.web.ingressroute.password) }} + middlewares: + - name: {{ include "vpn-ios-profile.fullname" . }}-web-basicauth + {{- end }} + services: + - kind: Service + name: {{ include "vpn-ios-profile.fullname" . }}-web + port: 80 + tls: + certResolver: le-prod +{{- end }} diff --git a/templates/web/middleware.yaml b/templates/web/middleware.yaml new file mode 100644 index 0000000..9d881b5 --- /dev/null +++ b/templates/web/middleware.yaml @@ -0,0 +1,9 @@ +{{- if and .Values.web.ingressroute.enabled (and .Values.web.ingressroute.username .Values.web.ingressroute.password) }} +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: {{ include "vpn-ios-profile.fullname" . }}-web-basicauth +spec: + basicAuth: + secret: {{ include "vpn-ios-profile.fullname" . }}-web-basicauth +{{- end }} diff --git a/templates/web/secret-basicauth.yaml b/templates/web/secret-basicauth.yaml new file mode 100644 index 0000000..3e4895d --- /dev/null +++ b/templates/web/secret-basicauth.yaml @@ -0,0 +1,10 @@ +{{- if and .Values.web.ingressroute.enabled (and .Values.web.ingressroute.username .Values.web.ingressroute.password) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "vpn-ios-profile.fullname" . }}-web-basicauth +type: kubernetes.io/basic-auth +stringData: + username: {{ .Values.web.ingressroute.username }} + password: {{ .Values.web.ingressroute.password }} +{{- end }} diff --git a/templates/web/service.yaml b/templates/web/service.yaml new file mode 100644 index 0000000..a7e998b --- /dev/null +++ b/templates/web/service.yaml 
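Review bot: In `templates/web/ingress.yaml` the `middlewares` entry is rendered only when both `username` and `password` are set, and the `values.yaml` added in this commit defaults both to `""`. Enabling the IngressRoute with defaults therefore publishes the mounted profile Secret on `websecure` with no authentication. The template should refuse to render rather than fall back to open access, e.g. `{{- $user := required "web.ingressroute.username must be set" .Values.web.ingressroute.username }}`, and likewise for the password. The route is gated on `.Values.web.ingressroute.enabled` while the Service and Deployment are gated on `.Values.web.enabled`, and the added values define no `ingressroute.enabled` key, so the two switches can disagree; gating the route on both avoids a route to a missing Service.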
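Review bot: In `templates/web/secret-basicauth.yaml`, `username` and `password` are written into `stringData` unquoted, so a credential that is all digits, reads as a boolean, or contains `: ` or ` #` is retyped, truncated or rejected when the rendered text is parsed as YAML. Quote both: `username: {{ .Values.web.ingressroute.username | quote }}` and `password: {{ .Values.web.ingressroute.password | quote }}`. The password is also taken in plain text from the values file; a comment in `values.yaml` saying it should come from a private values file or an externally managed Secret would help operators keep it out of version control.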
@@ -0,0 +1,17 @@ +{{- if .Values.web.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "vpn-ios-profile.fullname" . }}-web + labels: + {{- include "vpn-ios-profile.labels" . | nindent 4 }} +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: http + protocol: TCP + name: http + selector: + {{- include "vpn-ios-profile.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/values.yaml b/values.yaml index 0cf92e8..19f9ffe 100644 --- a/values.yaml +++ b/values.yaml @@ -25,3 +25,16 @@ iosprofile: PayloadDescription: "This iOS Profile provides VPN connection to %dns_name with the user %username" PayloadIdentifier: "%dns_name.%username.ios-profile" PayloadOrganization: "%dns_name" + +web: + # Enable web server to host iOS profiles + enabled: false + + ingressroute: + # ingressroute to host iOS profiles at + host: ios.vpn.example.com + + # basic auth credentials - username + username: "" + # basic auth credentials - password + password: "" From 719261999fb64e000bab56f0d293fd7899d9183d Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Wed, 20 Sep 2023 11:46:41 +0200 Subject: [PATCH 094/291] feat: add index webpage to list profiles --- templates/secret-ios-profile.yaml | 20 ++++++++++++++++++++ templates/web/deployment.yaml | 10 +++++++++- 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/templates/secret-ios-profile.yaml b/templates/secret-ios-profile.yaml index bfba679..90aa39b 100644 --- a/templates/secret-ios-profile.yaml +++ b/templates/secret-ios-profile.yaml @@ -4,6 +4,26 @@ kind: Secret metadata: name: {{ include "vpn-ios-profile.fullname" . }}-ios-profile stringData: + index.html: |- + + + VPN configuration profiles + + + +

VPN configuration profiles (iOS)

+
    + {{- range (index .Values "ipsec-vpn-server" "users") }} +
  • {{ .username }}
  • + {{- end }} +
+ + + {{- range (index .Values "ipsec-vpn-server" "users") }} vpn-{{ .username }}.mobileconfig: |- diff --git a/templates/web/deployment.yaml b/templates/web/deployment.yaml index cbd31fe..c3c3411 100644 --- a/templates/web/deployment.yaml +++ b/templates/web/deployment.yaml @@ -24,6 +24,14 @@ spec: - name: http containerPort: 8080 protocol: TCP + livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: / + port: http volumeMounts: - name: iosprofiles mountPath: /usr/share/nginx/html @@ -32,5 +40,5 @@ spec: - name: iosprofiles secret: secretName: {{ include "vpn-ios-profile.fullname" . }}-ios-profile - # defaultMode: 0444 + defaultMode: 0444 {{- end }} From b49415f81d62ae7a3ae024e527fe0cea02648e36 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Wed, 20 Sep 2023 19:26:10 +0200 Subject: [PATCH 095/291] chore(docs): change order of vpn types --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index b7dbe0e..84a71df 100644 --- a/README.md +++ b/README.md @@ -13,16 +13,16 @@ The VPN is always connected. The connection will be keep alive until you select another VPN mode (e.g. manual). When adding a VPN without a profile you do not have the option to automatically reconnect to the VPN. -**2. WiFi**
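Review bot: The `index.html` added to `secret-ios-profile.yaml` lists every entry of `ipsec-vpn-server.users` and sits in the same Secret as every `vpn-<username>.mobileconfig`. Anyone who passes the single basic-auth credential can therefore enumerate all usernames and fetch every user's profile, not only their own. This needs at least a comment next to `web.enabled` in `values.yaml`, for example `# NOTE: one shared login gives access to the profiles (and credentials) of all users`. `{{ .username }}` is also written into the page as-is (the markup is stripped in this view, so the exact context is inferred); escaping it would keep a username containing `<` or `&` from altering the page.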
-When connected to your WiFi (WLAN) you will not be connected to the VPN because it will be seen as trusted network. -You can specify a list of SSID (Networkname) which should be trusted. -(Warning: If network you connect shares the same SSID no VPN will be used even if it is not your own trusted network.) - -**3. Manual**
+**2. Manual**
If you do not want the VPN to be used automatically select this option. This allows you to enable it whenever you need it. You can enable the VPN connection in your iOS preferences. +**3. WiFi**
+When connected to your WiFi (WLAN) you will not be connected to the VPN because it will be seen as trusted network. +You can specify a list of SSID (Networkname) which should be trusted. +(Warning: If network you connect shares the same SSID no VPN will be used even if it is not your own trusted network.) + ## Installation To deploy the Helm chart first copy the [`values.yaml`](./values.yaml)-file and customize your deployment. From 6d5e0932361e93ab83e33604631623cc2bec8c41 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Wed, 20 Sep 2023 19:32:53 +0200 Subject: [PATCH 096/291] feat: allow additional VPNs Allow to add other VPN servers to the profiles (e.g. your homerouter) --- templates/secret-ios-profile.yaml | 9 ++++++--- templates/vpn.always.tpl | 25 +++++++++++++++---------- templates/vpn.manual.tpl | 25 +++++++++++++++---------- templates/vpn.tpl | 15 +++++++++++++++ templates/vpn.wifi.tpl | 29 +++++++++++++++++------------ values.yaml | 9 +++++++++ 6 files changed, 77 insertions(+), 35 deletions(-) create mode 100644 templates/vpn.tpl diff --git a/templates/secret-ios-profile.yaml b/templates/secret-ios-profile.yaml index 90aa39b..f40d184 100644 --- a/templates/secret-ios-profile.yaml +++ b/templates/secret-ios-profile.yaml @@ -25,6 +25,7 @@ stringData: {{- range (index .Values "ipsec-vpn-server" "users") }} + {{ $vpnList := ((include "vpn.list" (dict "root" $ "user" . )) | fromYamlArray) }} vpn-{{ .username }}.mobileconfig: |- 
@@ -39,9 +40,11 @@ stringData: PayloadContent - {{- include "vpn.always" (dict "root" $ "user" . ) | nindent 8 }} - {{- include "vpn.manual" (dict "root" $ "user" . ) | nindent 8 }} - {{- include "vpn.wifi" (dict "root" $ "user" . ) | nindent 8 }} + {{- range $vpnList }} + {{- include "vpn.always" (dict "root" $ "vpn" . ) | nindent 8 }} + {{- include "vpn.manual" (dict "root" $ "vpn" . ) | nindent 8 }} + {{- include "vpn.wifi" (dict "root" $ "vpn" . ) | nindent 8 }} + {{- end }} PayloadDisplayName {{ print ($.Values.iosprofile.PayloadDisplayName | replace "%username" .username | replace "%dns_name" $dns_name) }} diff --git a/templates/vpn.always.tpl b/templates/vpn.always.tpl index e6755b0..b679d84 100644 --- a/templates/vpn.always.tpl +++ b/templates/vpn.always.tpl @@ -4,19 +4,18 @@ All communication will go through VPN on iOS when selected. VPN will always reconnect on this mode. */}} {{- define "vpn.always" -}} -{{- $dns_name := (index .root.Values "ipsec-vpn-server" "vpn" "dns_name") -}} UserDefinedName - {{ $dns_name }} always + {{ .vpn.name | default .vpn.address }} always PayloadDisplayName - {{ $dns_name }} always + {{ .vpn.address }} always PayloadIdentifier - {{ $dns_name }}.{{ .user.username }}.always + {{ .vpn.address }}.{{ .vpn.username }}.always PayloadUUID - {{ sha1sum (printf "%s-%s-vpn-always" $dns_name .user.username) | upper }} + {{ sha1sum (printf "%s-%s-vpn-always" .vpn.address .vpn.username) | upper }} VPNType IPSec @@ -24,26 +23,32 @@ VPN will always reconnect on this mode. IPSec RemoteAddress - {{ $dns_name }} + {{ .vpn.address }} AuthenticationMethod SharedSecret XAuthName - {{ .user.username }} + {{ .vpn.username }} XAuthPassword - {{ .user.password }} + {{ .vpn.password }} XAuthEnabled 1 + {{- if .vpn.group }} + LocalIdentifier + {{ .vpn.username }} + + {{- end }} + LocalIdentifierType KeyID SharedSecret - {{ (index .root.Values "ipsec-vpn-server" "vpn" "psk") | b64enc }} + {{ .vpn.psk | b64enc }} 
@@ -63,7 +68,7 @@ VPN will always reconnect on this mode. Connect - + OverridePrimary diff --git a/templates/vpn.manual.tpl b/templates/vpn.manual.tpl index d2024ae..257c4be 100644 --- a/templates/vpn.manual.tpl +++ b/templates/vpn.manual.tpl @@ -3,19 +3,18 @@ VPN configuration to enable VPN manual Connection can be disabled by this setting and enabled for a period of time if necessary. */}} {{- define "vpn.manual" -}} -{{- $dns_name := (index .root.Values "ipsec-vpn-server" "vpn" "dns_name") -}} UserDefinedName - {{ $dns_name }} manual + {{ .vpn.name | default .vpn.address }} manual PayloadDisplayName - {{ $dns_name }} manual + {{ .vpn.address }} manual PayloadIdentifier - {{ $dns_name }}.{{ .user.username }}.manual + {{ .vpn.address }}.{{ .vpn.username }}.manual PayloadUUID - {{ sha1sum (printf "%s-%s-vpn-manual" $dns_name .user.username) | upper }} + {{ sha1sum (printf "%s-%s-vpn-manual" .vpn.address .vpn.username) | upper }} VPNType IPSec @@ -23,26 +22,32 @@ Connection can be disabled by this setting and enabled for a period of time if n IPSec RemoteAddress - {{ $dns_name }} + {{ .vpn.address }} AuthenticationMethod SharedSecret XAuthName - {{ .user.username }} + {{ .vpn.username }} XAuthPassword - {{ .user.password }} + {{ .vpn.password }} XAuthEnabled 1 + {{- if .vpn.group }} + LocalIdentifier + {{ .vpn.username }} + + {{- end }} + LocalIdentifierType KeyID SharedSecret - {{ (index .root.Values "ipsec-vpn-server" "vpn" "psk") | b64enc }} + {{ .vpn.psk | b64enc }} @@ -51,7 +56,7 @@ Connection can be disabled by this setting and enabled for a period of time if n PayloadVersion 1 - + OverridePrimary diff --git a/templates/vpn.tpl b/templates/vpn.tpl new file mode 100644 index 0000000..a45f15f --- /dev/null +++ b/templates/vpn.tpl 
@@ -0,0 +1,15 @@ +{{/* +VPN list of concatenated VPNs for a user. +*/}} +{{- define "vpn.list" -}} +- address: {{ print (index .root.Values "ipsec-vpn-server" "vpn" "dns_name") }} + psk: {{ print (index .root.Values "ipsec-vpn-server" "vpn" "psk") }} + username: {{ .user.username }} + password: {{ .user.password }} +{{- $username := .user.username -}} +{{- range (index .root.Values "ipsec-vpn-server" "users") -}} +{{- if and (eq .username $username) (.additionalVpns) }} +{{ toYaml .additionalVpns }} +{{- end }} +{{- end }} +{{- end }} diff --git a/templates/vpn.wifi.tpl b/templates/vpn.wifi.tpl index 1361f94..9a6cd02 100644 --- a/templates/vpn.wifi.tpl +++ b/templates/vpn.wifi.tpl @@ -4,19 +4,18 @@ All communication will go through VPN on iOS when selected and not in list of kn VPN will always reconnect on this mode. */}} {{- define "vpn.wifi" -}} -{{- $dns_name := (index .root.Values "ipsec-vpn-server" "vpn" "dns_name") -}} UserDefinedName - {{ $dns_name }} Wi-Fi + {{ .vpn.name | default .vpn.address }} Wi-Fi PayloadDisplayName - {{ $dns_name }} Wi-Fi + {{ .vpn.address }} Wi-Fi PayloadIdentifier - {{ $dns_name }}.{{ .user.username }}.wifi + {{ .vpn.address }}.{{ .vpn.username }}.wifi PayloadUUID - {{ sha1sum (printf "%s-%s-vpn-wifi" $dns_name .user.username) | upper }} + {{ sha1sum (printf "%s-%s-vpn-wifi" .vpn.address .vpn.username) | upper }} VPNType IPSec @@ -24,26 +23,32 @@ VPN will always reconnect on this mode. IPSec RemoteAddress - {{ $dns_name }} + {{ .vpn.address }} AuthenticationMethod SharedSecret XAuthName - {{ .user.username }} + {{ .vpn.username }} XAuthPassword - {{ .user.password }} + {{ .vpn.password }} XAuthEnabled 1 + {{- if .vpn.group }} + LocalIdentifier + {{ .vpn.username }} + + {{- end }} + LocalIdentifierType KeyID SharedSecret - {{ (index .root.Values "ipsec-vpn-server" "vpn" "psk") | b64enc }} + {{ .vpn.psk | b64enc }} 
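Review bot: `vpn.list` in `templates/vpn.tpl` builds YAML by string interpolation and the caller parses it back with `fromYamlArray`, but `psk`, `username` and `password` are emitted unquoted. A secret that is numeric, boolean-looking, starts with a YAML indicator such as `*` or `&`, or contains `: ` or ` #` is retyped or cut short before it reaches the profile. Quote each scalar, e.g. `psk: {{ index .root.Values "ipsec-vpn-server" "vpn" "psk" | quote }}` and `password: {{ .user.password | quote }}`. As far as I know `fromYamlArray` reports a parse failure as a list element instead of failing the render, so a bad value would produce a broken profile silently; a guard in the caller that fails on a non-map element would surface it. The inner `range` only re-finds the current user by name although `.user.additionalVpns` is already in scope, and matching by name would merge entries if two users share a username.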
@@ -64,7 +69,7 @@ VPN will always reconnect on this mode. SSIDMatch - {{- range .root.Values.trusted_ssids }} + {{- range $.root.Values.trusted_ssids }} {{- . -}} {{- end}} @@ -75,7 +80,7 @@ VPN will always reconnect on this mode. InterfaceTypeMatch WiFi - + Action Connect @@ -85,7 +90,7 @@ VPN will always reconnect on this mode. Disconnect - + OverridePrimary diff --git a/values.yaml b/values.yaml index 19f9ffe..7815a4b 100644 --- a/values.yaml +++ b/values.yaml @@ -18,6 +18,15 @@ ipsec-vpn-server: - username: vpn password: password + # add additional VPNs for this user + additionalVpns: [] + # - name: fritzbox # optional + # address: uuid.myfritz.net + # psk: user-presharedkey + # username: vpn + # group: vpn + # password: user-password + iosprofile: # You can use the variables %username and %dns_name. ConsentText: "iOS Profile %username@%dns_name" From 40bbb8d574d0cc3b7a2dc9a03fa3822df2eed305 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Thu, 21 Sep 2023 08:33:35 +0200 Subject: [PATCH 097/291] feat: add wifi to iOS profile Add wifi connections to the iOS profile to automatically connect with network --- templates/secret-ios-profile.yaml | 5 +++++ templates/vpn.wifi.tpl | 4 ++-- templates/wifi.tpl | 37 +++++++++++++++++++++++++++++++ values.yaml | 5 +++++ 4 files changed, 49 insertions(+), 2 deletions(-) create mode 100644 templates/wifi.tpl diff --git a/templates/secret-ios-profile.yaml b/templates/secret-ios-profile.yaml index f40d184..88152fb 100644 --- a/templates/secret-ios-profile.yaml +++ b/templates/secret-ios-profile.yaml 
@@ -45,6 +45,11 @@ stringData: {{- include "vpn.manual" (dict "root" $ "vpn" . ) | nindent 8 }} {{- include "vpn.wifi" (dict "root" $ "vpn" . ) | nindent 8 }} {{- end }} + {{- range $.Values.wifi }} + {{- if .password }} + {{- include "wifi" (dict "root" $ "wifi" . ) | nindent 8 }} + {{- end }} + {{- end }} PayloadDisplayName {{ print ($.Values.iosprofile.PayloadDisplayName | replace "%username" .username | replace "%dns_name" $dns_name) }} diff --git a/templates/vpn.wifi.tpl b/templates/vpn.wifi.tpl index 9a6cd02..6c894d2 100644 --- a/templates/vpn.wifi.tpl +++ b/templates/vpn.wifi.tpl @@ -69,8 +69,8 @@ VPN will always reconnect on this mode. SSIDMatch - {{- range $.root.Values.trusted_ssids }} - {{- . -}} + {{- range $.root.Values.wifi }} + {{- .ssid -}} {{- end}} diff --git a/templates/wifi.tpl b/templates/wifi.tpl new file mode 100644 index 0000000..6e25989 --- /dev/null +++ b/templates/wifi.tpl @@ -0,0 +1,37 @@ +{{/* +WiFi connections +*/}} +{{- define "wifi" -}} + + AutoJoin + + CaptiveBypass + + DisableAssociationMACRandomization + + EncryptionType + WPA2 + HIDDEN_NETWORK + + IsHotspot + + Password + {{ .wifi.password }} + PayloadDescription + Configures Wi-Fi settings {{ .wifi.ssid }} + PayloadDisplayName + Wi-Fi {{ .wifi.ssid }} + PayloadIdentifier + com.apple.wifi.managed.{{ uuidv4 }} + PayloadType + com.apple.wifi.managed + PayloadUUID + {{ uuidv4 }} + PayloadVersion + 1 + ProxyType + None + SSID_STR + {{ .wifi.ssid }} + +{{- end }} diff --git a/values.yaml b/values.yaml index 7815a4b..939bdfd 100644 --- a/values.yaml +++ b/values.yaml @@ -47,3 +47,8 @@ web: username: "" # basic auth credentials - password password: "" + +# add wifi networks to the iOS profile +wifi: [] + # - ssid: myhome-network + # password: myhome-password \ No newline at end of file From b95039c8f09981b9fd1fbfecd902ffc1468280e7 Mon Sep 17 00:00:00 2001 
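Review bot: In the vpn.wifi.tpl hunk `SSIDMatch` is now built from every entry of `.Values.wifi`, while the secret-ios-profile.yaml hunk of the same commit only provisions a Wi-Fi payload when `.password` is set. A password-less entry thus becomes a trusted SSID on which the on-demand rule drops the VPN (the test fixture later in this series pairs `SSIDMatch` with `Action Disconnect`). An SSID is only a name and nothing authenticates it on an open network, so trust should be limited to networks the profile also provisions with a passphrase, or be made explicit. Wrap the emitted `.ssid` in `{{- if .password }}` … `{{- end }}`, or add a per-entry `trusted` flag and document it next to the `wifi: []` example in values.yaml.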
From: Marco Lecheler Date: Thu, 21 Sep 2023 13:34:45 +0200 Subject: [PATCH 098/291] chore: add new line at eof
---
 values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/values.yaml b/values.yaml
index 939bdfd..486611a 100644
--- a/values.yaml
+++ b/values.yaml
@@ -51,4 +51,4 @@ web:
 # add wifi networks to the iOS profile
 wifi: []
 # - ssid: myhome-network
- # password: myhome-password
\ No newline at end of file
+ # password: myhome-password
From 5a42e318c00b22cfdb6c8dddf9df77b52473b3bd Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Thu, 21 Sep 2023 14:21:30 +0200 Subject: [PATCH 099/291] feat: add certs to profile (#17) * feat: add certs to profile Allow to add certificates to the iOS profile * chore: add new line at eof * fix: use generated whitespace also in test * fix: too many spaces after colon * fix: remove demo SSIDs from test In the default the example ssid will not longer be provided - this will require to remove it from the test as well.
---
 templates/certs.tpl | 36 ++++++++++ templates/secret-ios-profile.yaml | 1 + templates/vpn.wifi.tpl | 2 +- test/vpn-vpn.mobileconfig | 115 +++++++++++++++--------------- values.yaml | 10 +++ 5 files changed, 105 insertions(+), 59 deletions(-) create mode 100644 templates/certs.tpl
diff --git a/templates/certs.tpl b/templates/certs.tpl
new file mode 100644
index 0000000..450baef
--- /dev/null
+++ b/templates/certs.tpl
@@ -0,0 +1,36 @@ +{{- /* +Add custom certificates to iOS profile +*/}} +{{- define "certs" -}} +{{- /* Generate list of users certificates */}} +{{- $username := .user.username -}} +{{- $certs := .root.Values.certs -}} +{{- range (index .root.Values "ipsec-vpn-server" "users") -}} +{{- if and (eq .username $username) (.certs) }} +{{- $certs = concat $certs .certs }} +{{- end }} +{{- end }} +{{- /* Template generated list of certificates */}} +{{- range $certs }} + + PayloadCertificateFileName + {{ regexReplaceAll "\\W+" .name "-" }}.cer + PayloadContent + + {{ ($.root.Files.Get .filename | required (printf "certificate file not fould: %s" .filename)) | b64enc }} + + PayloadDescription + Adds {{ .name }} certificate + PayloadDisplayName + {{ .name }} + PayloadIdentifier + com.apple.security.root.{{ uuidv4 }} + PayloadType + com.apple.security.root + PayloadUUID + {{ uuidv4 }} + PayloadVersion + 1 + +{{- end }} +{{- end }} diff --git a/templates/secret-ios-profile.yaml b/templates/secret-ios-profile.yaml index 88152fb..0b060e2 100644 --- a/templates/secret-ios-profile.yaml +++ b/templates/secret-ios-profile.yaml @@ -40,6 +40,7 @@ stringData: PayloadContent + {{- include "certs" (dict "root" $ "user" . ) | nindent 8 }} {{- range $vpnList }} {{- include "vpn.always" (dict "root" $ "vpn" . ) | nindent 8 }} {{- include "vpn.manual" (dict "root" $ "vpn" . ) | nindent 8 }} diff --git a/templates/vpn.wifi.tpl b/templates/vpn.wifi.tpl index 6c894d2..41a986b 100644 --- a/templates/vpn.wifi.tpl +++ b/templates/vpn.wifi.tpl @@ -69,7 +69,7 @@ VPN will always reconnect on this mode. SSIDMatch - {{- range $.root.Values.wifi }} + {{- range .root.Values.wifi }} {{- .ssid -}} {{- end}} diff --git a/test/vpn-vpn.mobileconfig b/test/vpn-vpn.mobileconfig index 1fc6a25..ee974a6 100644 --- a/test/vpn-vpn.mobileconfig +++ b/test/vpn-vpn.mobileconfig 
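Review bot: `$.root.Files.Get .filename` can only read files that ship inside the chart, so the `.cer` and `.p12` inputs (the values example in this commit uses `certs/user.p12`) must live in the chart directory and cannot be listed in `.helmignore`. Any `helm package` run from such a tree therefore puts them, private key included, into the chart archive. A comment above `define "certs"` should state this, for example `{{- /* certificate files are read from the chart directory and are packaged with it: never package or push a chart that contains private key material */}}`. The `required` message also has a typo: `certificate file not fould: %s` should read `certificate file not found: %s`.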
@@ -11,57 +11,58 @@ PayloadContent + UserDefinedName vpn.example.com always - + PayloadDisplayName vpn.example.com always - + PayloadIdentifier vpn.example.com.vpn.always - + PayloadUUID 7A48801E2EE20A88BE29C703D8AB15EEB5A1B0C7 - + VPNType IPSec - + IPSec RemoteAddress vpn.example.com - + AuthenticationMethod SharedSecret - + XAuthName vpn - + XAuthPassword password - + XAuthEnabled 1 - + LocalIdentifierType KeyID - + SharedSecret eW91cl9wcmVzaGFyZWRrZXk= - + PayloadType com.apple.vpn.managed - + PayloadVersion 1 - + OnDemandEnabled 1 - + OnDemandRules @@ -69,145 +70,143 @@ Connect - + OverridePrimary - + IPv4 OverridePrimary 1 - + UserDefinedName vpn.example.com manual - + PayloadDisplayName vpn.example.com manual - + PayloadIdentifier vpn.example.com.vpn.manual - + PayloadUUID AC75AC649AA2452990D5C3CFFB817044B9855E79 - + VPNType IPSec - + IPSec RemoteAddress vpn.example.com - + AuthenticationMethod SharedSecret - + XAuthName vpn - + XAuthPassword password - + XAuthEnabled 1 - + LocalIdentifierType KeyID - + SharedSecret eW91cl9wcmVzaGFyZWRrZXk= - + PayloadType com.apple.vpn.managed - + PayloadVersion 1 - + OverridePrimary - + IPv4 OverridePrimary 1 - + UserDefinedName vpn.example.com Wi-Fi - + PayloadDisplayName vpn.example.com Wi-Fi - + PayloadIdentifier vpn.example.com.vpn.wifi - + PayloadUUID 1630A29621C0D601FD70F4D97BBEC1BBEDA3D0E7 - + VPNType IPSec - + IPSec RemoteAddress vpn.example.com - + AuthenticationMethod SharedSecret - + XAuthName vpn - + XAuthPassword password - + XAuthEnabled 1 - + LocalIdentifierType KeyID - + SharedSecret eW91cl9wcmVzaGFyZWRrZXk= - + PayloadType com.apple.vpn.managed - + PayloadVersion 1 - + OnDemandEnabled 1 - + OnDemandRules InterfaceTypeMatch WiFi - + SSIDMatch - myhome-network - corp-network - + Action Disconnect InterfaceTypeMatch WiFi - + Action Connect @@ -217,16 +216,16 @@ Disconnect - + OverridePrimary - + IPv4 OverridePrimary 1 - + PayloadDisplayName @@ -246,4 +245,4 @@ PayloadVersion 1
- + \ No newline at end of file diff --git a/values.yaml b/values.yaml index 486611a..8d64a13 100644 --- a/values.yaml +++ b/values.yaml @@ -27,6 +27,11 @@ ipsec-vpn-server: # group: vpn # password: user-password + # add certificates for this user (e.g. for client / email authentication) + certs: [] + # - name: user cert + # filename: certs/user.p12 + iosprofile: # You can use the variables %username and %dns_name. ConsentText: "iOS Profile %username@%dns_name" @@ -48,6 +53,11 @@ web: # basic auth credentials - password password: "" +# add certificates for all users (e.g. for certificate authority) +certs: [] +# - name: root CA cert +# filename: certs/ca.cer + # add wifi networks to the iOS profile wifi: [] # - ssid: myhome-network From 226d21fdc11c32520bf604616a0baaa5c9e3a63e Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Thu, 21 Sep 2023 14:30:22 +0200 Subject: [PATCH 100/291] chore: restructure values alphabetic order and rm whitespaces --- values.yaml | 44 ++++++++++++++++++++------------------------ 1 file changed, 20 insertions(+), 24 deletions(-) diff --git a/values.yaml b/values.yaml index 8d64a13..45a3048 100644 --- a/values.yaml +++ b/values.yaml @@ -1,9 +1,5 @@ fullnameOverride: &global-fullnameOverride vpn-ios-profile -trusted_ssids: - - myhome-network - - corp-network - # values of dependency chart ipsec-vpn-server ipsec-vpn-server: # Overwrite VPN configuration of ipsec-vpn-server chart 
@@ -15,22 +11,22 @@ ipsec-vpn-server: psk: your_presharedkey users: - - username: vpn - password: password - - # add additional VPNs for this user - additionalVpns: [] - # - name: fritzbox # optional - # address: uuid.myfritz.net - # psk: user-presharedkey - # username: vpn - # group: vpn - # password: user-password - - # add certificates for this user (e.g. for client / email authentication) - certs: [] - # - name: user cert - # filename: certs/user.p12 + - username: vpn + password: password + + # add additional VPNs for this user + additionalVpns: [] + # - name: fritzbox # optional + # address: uuid.myfritz.net + # psk: user-presharedkey + # username: vpn + # group: vpn + # password: user-password + + # add certificates for this user (e.g. for client / email authentication) + certs: [] + # - name: user cert + # filename: certs/user.p12 iosprofile: # You can use the variables %username and %dns_name. @@ -55,10 +51,10 @@ web: # add certificates for all users (e.g. for certificate authority) certs: [] -# - name: root CA cert -# filename: certs/ca.cer +# - name: root CA cert +# filename: certs/ca.cer # add wifi networks to the iOS profile wifi: [] - # - ssid: myhome-network - # password: myhome-password +# - ssid: myhome-network +# password: myhome-password From e3840b014f0b094cae809f0f7844c1a5fe0cfa3e Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Thu, 21 Sep 2023 14:48:52 +0200 Subject: [PATCH 101/291] chore: use alias for helm dependency chart When using an alias it is more easy to access the values --- Chart.yaml | 7 ++++--- templates/certs.tpl | 2 +- templates/secret-ios-profile.yaml | 6 +++--- templates/tests/test-connection.yaml | 2 +- templates/vpn.tpl | 6 +++--- values.yaml | 2 +- 6 files changed, 13 insertions(+), 12 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 45cdf69..940fd09 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -21,8 +21,9 @@ version: 0.2.3 appVersion: "latest" dependencies: - - name: ipsec-vpn-server - version: 1.1.4 - repository: "https://helm.task.media/" +- alias: vpnserver + name: ipsec-vpn-server + version: 1.1.4 + repository: "https://helm.task.media/" icon: https://media.task.media/images/logo.png diff --git a/templates/certs.tpl b/templates/certs.tpl index 450baef..6a044e2 100644 --- a/templates/certs.tpl +++ b/templates/certs.tpl @@ -5,7 +5,7 @@ Add custom certificates to iOS profile {{- /* Generate list of users certificates */}} {{- $username := .user.username -}} {{- $certs := .root.Values.certs -}} -{{- range (index .root.Values "ipsec-vpn-server" "users") -}} +{{- range .root.Values.vpnserver.users -}} {{- if and (eq .username $username) (.certs) }} {{- $certs = concat $certs .certs }} {{- end }} diff --git a/templates/secret-ios-profile.yaml b/templates/secret-ios-profile.yaml index 0b060e2..812f1e5 100644 --- a/templates/secret-ios-profile.yaml +++ b/templates/secret-ios-profile.yaml @@ -1,4 +1,4 @@ -{{- $dns_name := (index $.Values "ipsec-vpn-server" "vpn" "dns_name") -}} +{{- $dns_name := $.Values.vpnserver.vpn.dns_name -}} apiVersion: v1 kind: Secret metadata: @@ -17,14 +17,14 @@ stringData:

VPN configuration profiles (iOS)

    - {{- range (index .Values "ipsec-vpn-server" "users") }} + {{- range .Values.vpnserver.users }}
  • {{ .username }}
  • {{- end }}
-{{- range (index .Values "ipsec-vpn-server" "users") }} +{{- range .Values.vpnserver.users }} {{ $vpnList := ((include "vpn.list" (dict "root" $ "user" . )) | fromYamlArray) }} vpn-{{ .username }}.mobileconfig: |- diff --git a/templates/tests/test-connection.yaml b/templates/tests/test-connection.yaml index 48383a5..3ea078b 100644 --- a/templates/tests/test-connection.yaml +++ b/templates/tests/test-connection.yaml @@ -19,7 +19,7 @@ spec: apk add diffutils expected_file="/test_expected/vpn-vpn.mobileconfig" - actual_file="/test/vpn-{{ print (index .Values "ipsec-vpn-server" "users" 0 "username") }}.mobileconfig" + actual_file="/test/vpn-{{ print (index .Values.vpnserver.users 0 "username") }}.mobileconfig" # ensure path is present mkdir -p $(dirname $expected_file) diff --git a/templates/vpn.tpl b/templates/vpn.tpl index a45f15f..4870964 100644 --- a/templates/vpn.tpl +++ b/templates/vpn.tpl @@ -2,12 +2,12 @@ VPN list of concatenated VPNs for a user. */}} {{- define "vpn.list" -}} -- address: {{ print (index .root.Values "ipsec-vpn-server" "vpn" "dns_name") }} - psk: {{ print (index .root.Values "ipsec-vpn-server" "vpn" "psk") }} +- address: {{ print .root.Values.vpnserver.vpn.dns_name }} + psk: {{ print .root.Values.vpnserver.vpn.psk }} username: {{ .user.username }} password: {{ .user.password }} {{- $username := .user.username -}} -{{- range (index .root.Values "ipsec-vpn-server" "users") -}} +{{- range .root.Values.vpnserver.users -}} {{- if and (eq .username $username) (.additionalVpns) }} {{ toYaml .additionalVpns }} {{- end }} diff --git a/values.yaml b/values.yaml index 45a3048..9767888 100644 --- a/values.yaml +++ b/values.yaml @@ -1,7 +1,7 @@ fullnameOverride: &global-fullnameOverride vpn-ios-profile # values of dependency chart ipsec-vpn-server -ipsec-vpn-server: +vpnserver: # Overwrite VPN configuration of ipsec-vpn-server chart # recommended to overwrite name when using sealed-secrets fullnameOverride: *global-fullnameOverride 
From 8e45e88068681ab01d5ab5990c8d217531fd24f3 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Thu, 21 Sep 2023 14:49:38 +0200 Subject: [PATCH 102/291] chore: format Chart.yaml indentation --- Chart.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 940fd09..538bd72 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,16 +3,16 @@ name: vpn-ios-profile description: Deploy a VPN server in K8s with provided iOS profile home: https://helm.task.media/vpn-ios-profile/ keywords: - - vpn - - ipsec - - ios - - mobileconfig +- vpn +- ipsec +- ios +- mobileconfig maintainers: - - name: taskmedia - url: https://task.media +- name: taskmedia + url: https://task.media sources: - - https://github.com/taskmedia/helm_vpn-ios-profile +- https://github.com/taskmedia/helm_vpn-ios-profile type: application From 7a111958736e8da08a6d7810d708ea5d67012ed3 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Thu, 21 Sep 2023 14:50:51 +0200 Subject: [PATCH 103/291] chore: add values-*.yaml to gitignore --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index a60bbdc..5d60c6c 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,5 @@ **/charts/*.tgz Chart.lock + +values-*.yaml From cf95ccf5c455148f269f9025dab22174168dc960 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Thu, 21 Sep 2023 14:51:07 +0200 Subject: [PATCH 104/291] chore: add certs/ to gitignore --- .gitignore | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitignore b/.gitignore index 5d60c6c..3790e2a 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,6 @@ Chart.lock values-*.yaml + +## Ignore certs directory +certs/* From 21ed85650607f1e1b8fae3edadd70dd5c14d3ed6 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Thu, 21 Sep 2023 15:29:21 +0200 Subject: [PATCH 105/291] feat: generate uuid with sha1sum (#20) --- templates/certs.tpl | 4 ++-- templates/wifi.tpl | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) 
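Review bot: Ignoring `values-*.yaml` in git does not keep those files out of a packaged chart, because Helm packaging follows `.helmignore`, not `.gitignore`. Local override files typically hold the real PSK, user passwords and Wi-Fi passphrases, so a package built from a working tree would ship them. Add the same `values-*.yaml` pattern to `.helmignore`, assuming it is not already listed there; that file is not part of these hunks.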
diff --git a/templates/certs.tpl b/templates/certs.tpl index 6a044e2..ba41e78 100644 --- a/templates/certs.tpl +++ b/templates/certs.tpl @@ -24,11 +24,11 @@ Add custom certificates to iOS profile PayloadDisplayName {{ .name }} PayloadIdentifier - com.apple.security.root.{{ uuidv4 }} + com.apple.security.root.{{ sha1sum (printf "cert-%s" .name) }} PayloadType com.apple.security.root PayloadUUID - {{ uuidv4 }} + {{ sha1sum (printf "cert-%s" .name) }} PayloadVersion 1 diff --git a/templates/wifi.tpl b/templates/wifi.tpl index 6e25989..eaf8691 100644 --- a/templates/wifi.tpl +++ b/templates/wifi.tpl @@ -22,11 +22,11 @@ WiFi connections PayloadDisplayName Wi-Fi {{ .wifi.ssid }} PayloadIdentifier - com.apple.wifi.managed.{{ uuidv4 }} + com.apple.wifi.managed.{{ sha1sum (printf "wifi-%s" .wifi.ssid) }} PayloadType com.apple.wifi.managed PayloadUUID - {{ uuidv4 }} + {{ sha1sum (printf "wifi-%s" .wifi.ssid) }} PayloadVersion 1 ProxyType From b51c9e57c0063fb9cf867c51e17c501b6b12e972 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Fri, 22 Sep 2023 08:49:49 +0200 Subject: [PATCH 106/291] chore: ensure vpn.name is also used for displayname (#21) --- templates/vpn.always.tpl | 2 +- templates/vpn.manual.tpl | 2 +- templates/vpn.wifi.tpl | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/vpn.always.tpl b/templates/vpn.always.tpl index b679d84..8078cd7 100644 --- a/templates/vpn.always.tpl +++ b/templates/vpn.always.tpl @@ -9,7 +9,7 @@ VPN will always reconnect on this mode. {{ .vpn.name | default .vpn.address }} always PayloadDisplayName - {{ .vpn.address }} always + {{ .vpn.name | default .vpn.address }} always PayloadIdentifier {{ .vpn.address }}.{{ .vpn.username }}.always diff --git a/templates/vpn.manual.tpl b/templates/vpn.manual.tpl index 257c4be..65effad 100644 --- a/templates/vpn.manual.tpl +++ b/templates/vpn.manual.tpl 
@@ -8,7 +8,7 @@ Connection can be disabled by this setting and enabled for a period of time if n {{ .vpn.name | default .vpn.address }} manual PayloadDisplayName - {{ .vpn.address }} manual + {{ .vpn.name | default .vpn.address }} manual PayloadIdentifier {{ .vpn.address }}.{{ .vpn.username }}.manual diff --git a/templates/vpn.wifi.tpl b/templates/vpn.wifi.tpl index 41a986b..9eb8713 100644 --- a/templates/vpn.wifi.tpl +++ b/templates/vpn.wifi.tpl @@ -9,7 +9,7 @@ VPN will always reconnect on this mode. {{ .vpn.name | default .vpn.address }} Wi-Fi PayloadDisplayName - {{ .vpn.address }} Wi-Fi + {{ .vpn.name | default .vpn.address }} Wi-Fi PayloadIdentifier {{ .vpn.address }}.{{ .vpn.username }}.wifi From f1f94723b5d86050f873d54501b57a85b2cd596a Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Fri, 22 Sep 2023 08:49:56 +0200 Subject: [PATCH 107/291] fix: private PKCS12 certs require other values (#22) * fix: private PKCS12 certs require other values The private certificates (.p12) requires other values to be set otherwise the cert and iOS profile can not be installed * chore: fix range linebreak --- templates/certs.tpl | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/templates/certs.tpl b/templates/certs.tpl index ba41e78..9a03698 100644 --- a/templates/certs.tpl +++ b/templates/certs.tpl 
@@ -5,16 +5,20 @@ Add custom certificates to iOS profile {{- /* Generate list of users certificates */}} {{- $username := .user.username -}} {{- $certs := .root.Values.certs -}} -{{- range .root.Values.vpnserver.users -}} +{{- range .root.Values.vpnserver.users }} {{- if and (eq .username $username) (.certs) }} {{- $certs = concat $certs .certs }} {{- end }} {{- end }} {{- /* Template generated list of certificates */}} {{- range $certs }} +{{- $certType := "pkcs1" }} +{{- if eq "p12" ((splitList "." .filename) | last) }} +{{- $certType = "pkcs12" }} +{{- end }} PayloadCertificateFileName - {{ regexReplaceAll "\\W+" .name "-" }}.cer + {{ .filename }} PayloadContent {{ ($.root.Files.Get .filename | required (printf "certificate file not fould: %s" .filename)) | b64enc }} @@ -24,9 +28,9 @@ Add custom certificates to iOS profile PayloadDisplayName {{ .name }} PayloadIdentifier - com.apple.security.root.{{ sha1sum (printf "cert-%s" .name) }} + com.apple.security.{{ $certType }}.{{ sha1sum (printf "cert-%s" .name) }} PayloadType - com.apple.security.root + com.apple.security.{{ $certType }} PayloadUUID {{ sha1sum (printf "cert-%s" .name) }} PayloadVersion From d2470c80f53b41dd9a4840f5c2a692c1e7e724c0 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Fri, 22 Sep 2023 08:59:16 +0200 Subject: [PATCH 108/291] chore: release v0.3.1 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 538bd72..cf5d6bb 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -16,7 +16,7 @@ sources: type: application -version: 0.2.3 +version: 0.3.1 appVersion: "latest" From f6ed06ff2877440030dbbc3a166f109c5c65374d Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Fri, 22 Sep 2023 22:13:11 +0200 Subject: [PATCH 109/291] chore: add option to disable service --- charts/ipsec-vpn-server/templates/service.yaml | 2 ++ charts/ipsec-vpn-server/values.yaml | 3 +++ 2 files changed, 5 insertions(+) 
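Review bot: `$certType` falls back to `pkcs1` for every file whose last dot-separated part is not exactly `p12`. CA certificates from the chart-wide `certs` list, emitted as `com.apple.security.root` before this change, are therefore now typed `com.apple.security.pkcs1`, and `.pfx` or `.P12` bundles are still mis-typed. `PayloadCertificateFileName` also now receives `{{ .filename }}`, which is a chart-relative path such as `certs/user.p12` rather than a file name. Consider `{{- if has (ext .filename | lower) (list ".p12" ".pfx") }}` for the switch, an optional per-entry `type` for root certificates, and `{{ base .filename }}` for the file name. Confirm the intended payload type for CA certificates on the targeted iOS versions.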
diff --git a/charts/ipsec-vpn-server/templates/service.yaml b/charts/ipsec-vpn-server/templates/service.yaml index c7e3deb..5d3cd43 100644 --- a/charts/ipsec-vpn-server/templates/service.yaml +++ b/charts/ipsec-vpn-server/templates/service.yaml @@ -1,3 +1,4 @@ +{{- if .Values.service.enabled }} apiVersion: v1 kind: Service metadata: @@ -10,3 +11,4 @@ spec: port: {{ .Values.ingress.ports.isakmp.port }} - name: {{ .Values.ingress.ports.ike.name }} port: {{ .Values.ingress.ports.ike.port }} +{{- end }} diff --git a/charts/ipsec-vpn-server/values.yaml b/charts/ipsec-vpn-server/values.yaml index e6ac1b2..4424f4b 100644 --- a/charts/ipsec-vpn-server/values.yaml +++ b/charts/ipsec-vpn-server/values.yaml @@ -27,3 +27,6 @@ ingress: traefik: enabled: false + +service: + enabled: true From 00e248cfad192fbbc6d6f240bc12bcc66b9cfa03 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sat, 23 Sep 2023 01:50:16 +0200 Subject: [PATCH 110/291] chore: port - restructure and add udp to svc (#18) * chore: change ports value setting * chore: add protocol (UDP) to service * chore: use variable port names for dynamic ingressroute templating * fix: rm whitespace --- charts/ipsec-vpn-server/templates/deployment.yaml | 8 ++++---- .../templates/ingress/traefik/ingressrouteudp.yaml | 4 ++-- charts/ipsec-vpn-server/templates/service.yaml | 12 ++++++++---- charts/ipsec-vpn-server/values.yaml | 8 ++++---- 4 files changed, 18 insertions(+), 14 deletions(-) diff --git a/charts/ipsec-vpn-server/templates/deployment.yaml b/charts/ipsec-vpn-server/templates/deployment.yaml index 35d5899..91a044f 100644 --- a/charts/ipsec-vpn-server/templates/deployment.yaml +++ b/charts/ipsec-vpn-server/templates/deployment.yaml 
@@ -45,11 +45,11 @@ spec: securityContext: privileged: true ports: - - name: {{ .Values.ingress.ports.isakmp.name }} - containerPort: {{ .Values.ingress.ports.isakmp.port }} + - name: {{ .Values.service.ports.isakmp.name }} + containerPort: {{ .Values.service.ports.isakmp.port }} protocol: UDP - - name: {{ .Values.ingress.ports.ike.name }} - containerPort: {{ .Values.ingress.ports.ike.port }} + - name: {{ .Values.service.ports.ike.name }} + containerPort: {{ .Values.service.ports.ike.port }} protocol: UDP volumeMounts: - mountPath: /opt/src/env/ diff --git a/charts/ipsec-vpn-server/templates/ingress/traefik/ingressrouteudp.yaml b/charts/ipsec-vpn-server/templates/ingress/traefik/ingressrouteudp.yaml index c4aa116..307801c 100644 --- a/charts/ipsec-vpn-server/templates/ingress/traefik/ingressrouteudp.yaml +++ b/charts/ipsec-vpn-server/templates/ingress/traefik/ingressrouteudp.yaml @@ -1,6 +1,6 @@ {{- $fullname_vpn_server := (printf "%s-vpn-server" (include "ipsec-vpn-server.fullname" .)) -}} {{- if .Values.ingress.traefik.enabled }} -{{- range .Values.ingress.ports }} +{{- range .Values.service.ports }} apiVersion: traefik.containo.us/v1alpha1 kind: IngressRouteUDP metadata: @@ -14,4 +14,4 @@ spec: port: {{ .name }} --- {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/ipsec-vpn-server/templates/service.yaml b/charts/ipsec-vpn-server/templates/service.yaml index 5d3cd43..a832596 100644 --- a/charts/ipsec-vpn-server/templates/service.yaml +++ b/charts/ipsec-vpn-server/templates/service.yaml 
@@ -7,8 +7,12 @@ spec: selector: app.kubernetes.io/name: {{ template "ipsec-vpn-server.fullname" . }}-vpn-server ports: - - name: {{ .Values.ingress.ports.isakmp.name }} - port: {{ .Values.ingress.ports.isakmp.port }} - - name: {{ .Values.ingress.ports.ike.name }} - port: {{ .Values.ingress.ports.ike.port }} + - name: {{ .Values.service.ports.isakmp.name }} + port: {{ .Values.service.ports.isakmp.port }} + targetPort: vpn-isakmp + protocol: UDP + - name: {{ .Values.service.ports.ike.name }} + port: {{ .Values.service.ports.ike.port }} + targetPort: vpn-ike + protocol: UDP {{- end }} diff --git a/charts/ipsec-vpn-server/values.yaml b/charts/ipsec-vpn-server/values.yaml index 4424f4b..8452a6e 100644 --- a/charts/ipsec-vpn-server/values.yaml +++ b/charts/ipsec-vpn-server/values.yaml @@ -16,7 +16,9 @@ users: - username: vpn password: password -ingress: +service: + enabled: true + ports: isakmp: name: vpn-isakmp @@ -25,8 +27,6 @@ ingress: name: vpn-ike port: 4500 +ingress: traefik: enabled: false - -service: - enabled: true From 83ff685d01b6421b1259de49416d19294a2c68c0 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sat, 23 Sep 2023 01:53:11 +0200 Subject: [PATCH 111/291] chore: remove values and Chart.yaml indentations --- charts/ipsec-vpn-server/Chart.yaml | 16 ++++++++-------- charts/ipsec-vpn-server/values.yaml | 4 ++-- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/charts/ipsec-vpn-server/Chart.yaml b/charts/ipsec-vpn-server/Chart.yaml index e9b18e4..d63ef2e 100644 --- a/charts/ipsec-vpn-server/Chart.yaml +++ b/charts/ipsec-vpn-server/Chart.yaml 
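Review bot: `targetPort: vpn-isakmp` and `targetPort: vpn-ike` are hard-coded in service.yaml, while the container port names in deployment.yaml come from `.Values.service.ports.isakmp.name` and `.Values.service.ports.ike.name`. Overriding either name in values leaves the Service pointing at a named port that no longer exists, and traffic is silently dropped. Use the same value on both sides: `targetPort: {{ .Values.service.ports.isakmp.name }}` and `targetPort: {{ .Values.service.ports.ike.name }}`.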
@@ -3,16 +3,16 @@ name: ipsec-vpn-server description: Deploy IPsec VPN server inside K8s with optional sealed-secrets home: https://helm.task.media/ipsec-vpn-server keywords: - - vpn - - ipsec - - traefik +- vpn +- ipsec +- traefik maintainers: - - name: fty4 - url: https://github.com/fty4 +- name: fty4 + url: https://github.com/fty4 sources: - - https://github.com/hwdsl2/docker-ipsec-vpn-server - - https://github.com/taskmedia/helm_ipsec-vpn-server - - https://github.com/taskmedia/helm +- https://github.com/hwdsl2/docker-ipsec-vpn-server +- https://github.com/taskmedia/helm_ipsec-vpn-server +- https://github.com/taskmedia/helm type: application version: 1.2.2 # hwdsl2/docker-ipsec-vpn-server does not provide versioning diff --git a/charts/ipsec-vpn-server/values.yaml b/charts/ipsec-vpn-server/values.yaml index 8452a6e..118e525 100644 --- a/charts/ipsec-vpn-server/values.yaml +++ b/charts/ipsec-vpn-server/values.yaml @@ -13,8 +13,8 @@ vpn: psk: your_presharedkey users: - - username: vpn - password: password +- username: vpn + password: password service: enabled: true From 30a98edf52c972fe8c3f5787ee91ff2cc7caf4dc Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sat, 23 Sep 2023 01:53:26 +0200 Subject: [PATCH 112/291] chore: update release version v2.0.0 --- charts/ipsec-vpn-server/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/ipsec-vpn-server/Chart.yaml b/charts/ipsec-vpn-server/Chart.yaml index d63ef2e..4ab0702 100644 --- a/charts/ipsec-vpn-server/Chart.yaml +++ b/charts/ipsec-vpn-server/Chart.yaml @@ -14,7 +14,7 @@ sources: - https://github.com/taskmedia/helm_ipsec-vpn-server - https://github.com/taskmedia/helm type: application -version: 1.2.2 +version: 2.0.0 # hwdsl2/docker-ipsec-vpn-server does not provide versioning # see: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/98 appVersion: "latest" From ec667ff735311434f6444a8147992b3677412881 Mon Sep 17 00:00:00 2001 
From: fty4 Date: Fri, 22 Sep 2023 23:54:32 +0000 Subject: [PATCH 113/291] chore(release): update version to v2.0.0
---
 charts/ipsec-vpn-server/Chart.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/charts/ipsec-vpn-server/Chart.yaml b/charts/ipsec-vpn-server/Chart.yaml
index 4ab0702..fcca42b 100644
--- a/charts/ipsec-vpn-server/Chart.yaml
+++ b/charts/ipsec-vpn-server/Chart.yaml
@@ -3,16 +3,16 @@ name: ipsec-vpn-server
 description: Deploy IPsec VPN server inside K8s with optional sealed-secrets
 home: https://helm.task.media/ipsec-vpn-server
 keywords:
-- vpn
-- ipsec
-- traefik
+ - vpn
+ - ipsec
+ - traefik
 maintainers:
-- name: fty4
- url: https://github.com/fty4
+ - name: fty4
+ url: https://github.com/fty4
 sources:
-- https://github.com/hwdsl2/docker-ipsec-vpn-server
-- https://github.com/taskmedia/helm_ipsec-vpn-server
-- https://github.com/taskmedia/helm
+ - https://github.com/hwdsl2/docker-ipsec-vpn-server
+ - https://github.com/taskmedia/helm_ipsec-vpn-server
+ - https://github.com/taskmedia/helm
 type: application
 version: 2.0.0
 # hwdsl2/docker-ipsec-vpn-server does not provide versioning
From 8d48c99f967ca512b7d11620fd1aa51d18b63be7 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sat, 23 Sep 2023 02:01:51 +0200 Subject: [PATCH 114/291] fix: remove Docker Hub from release
---
 .github/workflows/release.yaml | 6 ------ 1 file changed, 6 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 920cc1a..2ee414b 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -51,12 +51,6 @@ jobs: - name: push Helm chart to ghcr run: helm push ./release/*tgz oci://ghcr.io/taskmedia - - name: login dockerhub registry - run: echo '${{ secrets.DOCKER_PASSWORD }}' | docker login -u '${{ secrets.DOCKER_USERNAME }}' --password-stdin - - - name: push Helm chart to dockerhub - run: helm push ./release/*tgz oci://registry-1.docker.io/taskmedia - - name: Update Index env: GH_PAGES_URL: github.com/taskmedia/helm From a0a2b2ff8814438f73c336aab849d77b6dda5089 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sat, 23 Sep 2023 02:04:27 +0200 Subject: [PATCH 115/291] chore(docs): remove Docker Hub from README --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index f324263..f5707e0 100644 --- a/README.md +++ b/README.md @@ -31,11 +31,10 @@ $ vi ./my-values.yaml $ helm upgrade --install vpn taskmedia/ipsec-vpn-server --values ./my-values.yaml ``` -You can also use OCI Helm charts from [ghcr.io](https://ghcr.io/) or Docker Hub: +You can also use OCI Helm charts from [ghcr.io](https://ghcr.io/): ```bash $ helm upgrade --install vpn oci://ghcr.io/taskmedia/ipsec-vpn-server -$ helm upgrade --install vpn oci://registry-1.docker.io/taskmedia/ipsec-vpn-server ``` ## Using sealed-secrets From 95b3ed28506f34da91a4587293800c2a98afa17d Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Thu, 28 Sep 2023 07:45:54 +0200 Subject: [PATCH 116/291] fix: use correct variable for group (#24) --- templates/vpn.always.tpl | 2 +- templates/vpn.manual.tpl | 2 +- templates/vpn.wifi.tpl | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/vpn.always.tpl b/templates/vpn.always.tpl index 8078cd7..3f09a29 100644 --- a/templates/vpn.always.tpl +++ b/templates/vpn.always.tpl @@ -39,7 +39,7 @@ VPN will always reconnect on this mode. {{- if .vpn.group }} LocalIdentifier - {{ .vpn.username }} + {{ .vpn.group }} {{- end }} 
diff --git a/templates/vpn.manual.tpl b/templates/vpn.manual.tpl index 65effad..d0209d1 100644 --- a/templates/vpn.manual.tpl +++ b/templates/vpn.manual.tpl @@ -38,7 +38,7 @@ Connection can be disabled by this setting and enabled for a period of time if n {{- if .vpn.group }} LocalIdentifier - {{ .vpn.username }} + {{ .vpn.group }} {{- end }} diff --git a/templates/vpn.wifi.tpl b/templates/vpn.wifi.tpl index 9eb8713..b331f75 100644 --- a/templates/vpn.wifi.tpl +++ b/templates/vpn.wifi.tpl @@ -39,7 +39,7 @@ VPN will always reconnect on this mode. {{- if .vpn.group }} LocalIdentifier - {{ .vpn.username }} + {{ .vpn.group }} {{- end }} From 457fcb0cdd584f8584248888679e6071c86701d6 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Fri, 20 Sep 2024 15:04:26 +0200 Subject: [PATCH 117/291] chore: allow to specify initContainer image via values (#22) --- charts/ipsec-vpn-server/templates/deployment.yaml | 2 +- charts/ipsec-vpn-server/values.yaml | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/charts/ipsec-vpn-server/templates/deployment.yaml b/charts/ipsec-vpn-server/templates/deployment.yaml index 91a044f..102c81d 100644 --- a/charts/ipsec-vpn-server/templates/deployment.yaml +++ b/charts/ipsec-vpn-server/templates/deployment.yaml @@ -14,7 +14,7 @@ spec: spec: initContainers: - name: init-config - image: bash:alpine3.15 + image: "{{ .Values.initContainer.image.repository }}:{{ .Values.initContainer.image.tag }}" command: ["sh", "-c"] args: ["/vpn/scripts/create-env.sh"] env: diff --git a/charts/ipsec-vpn-server/values.yaml b/charts/ipsec-vpn-server/values.yaml index 118e525..8c85b7e 100644 --- a/charts/ipsec-vpn-server/values.yaml +++ b/charts/ipsec-vpn-server/values.yaml @@ -6,6 +6,11 @@ image: tag: latest pullPolicy: Always +initContainer: + image: + repository: bash + tag: alpine3.15 + sealed_secrets: false vpn: From 96fa423544d4d6308688034528de895049aa926f Mon Sep 17 00:00:00 2001 
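Review bot: The new `image:` line for the `init-config` container in deployment.yaml is built from `repository` and `tag` only, so the image that runs `/vpn/scripts/create-env.sh` can still be selected only by a mutable tag. The default added in the values.yaml hunk (`bash` / `alpine3.15`) is such a tag. This container presumably sees the VPN credentials through the `env:` block that follows, so operators should be able to pin it by digest. One way is an optional new `initContainer.image.digest` value, rendered as `image: "{{ .Values.initContainer.image.repository }}{{ if .Values.initContainer.image.digest }}@{{ .Values.initContainer.image.digest }}{{ else }}:{{ .Values.initContainer.image.tag }}{{ end }}"`. The enclosing Deployment spec starts and ends outside the hunk.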
From: Nikolai Gut Date: Wed, 9 Oct 2024 11:38:08 +0200 Subject: [PATCH 118/291] feat: add PersistentVolumeClaims for IPsec VPN Server (#19) * chore: Add persistent volume claims for vpn-config and ipsec-data * Update charts/ipsec-vpn-server/templates/pvc.yaml Co-authored-by: Marco Lecheler * Update charts/ipsec-vpn-server/templates/pvc.yaml Co-authored-by: Marco Lecheler * fix: Update persistent volume claim in deployment and pvc templates --------- Co-authored-by: Marco Lecheler Co-authored-by: Nikolai Gut --- charts/ipsec-vpn-server/templates/deployment.yaml | 5 +++++ charts/ipsec-vpn-server/templates/pvc.yaml | 12 ++++++++++++ 2 files changed, 17 insertions(+) create mode 100644 charts/ipsec-vpn-server/templates/pvc.yaml diff --git a/charts/ipsec-vpn-server/templates/deployment.yaml b/charts/ipsec-vpn-server/templates/deployment.yaml index 102c81d..cbb93a2 100644 --- a/charts/ipsec-vpn-server/templates/deployment.yaml +++ b/charts/ipsec-vpn-server/templates/deployment.yaml @@ -54,6 +54,8 @@ spec: volumeMounts: - mountPath: /opt/src/env/ name: vpn-config + - mountPath: /etc/ipsec.d/ + name: ipsec-data volumes: - name: vpn-config @@ -62,3 +64,6 @@ spec: configMap: name: {{ include "ipsec-vpn-server.fullname" . }}-vpnscript defaultMode: 0777 + - name: ipsec-data + persistentVolumeClaim: + claimName: {{ include "ipsec-vpn-server.fullname" . }}-data diff --git a/charts/ipsec-vpn-server/templates/pvc.yaml b/charts/ipsec-vpn-server/templates/pvc.yaml new file mode 100644 index 0000000..f1d9962 --- /dev/null +++ b/charts/ipsec-vpn-server/templates/pvc.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "ipsec-vpn-server.fullname" . }}-data + labels: + app.kubernetes.io/name: {{ template "ipsec-vpn-server.fullname" . }}-vpn-server +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Mi From e69cb15abb07b2505e3b9aaa748c1cd3c91ead3f Mon Sep 17 00:00:00 2001 
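Review bot: pvc.yaml creates the claim unconditionally with a fixed `storage: 10Mi` and no `storageClassName`, and the second deployment.yaml hunk mounts it at `/etc/ipsec.d/` on every install. On a cluster without a default StorageClass the pod will stay Pending, and operators have no say over where this data lands. `/etc/ipsec.d/` presumably holds the server's IPsec state, possibly including key material, so encryption at rest and reclaim policy are choices the chart should expose. I would gate the claim and the `ipsec-data` volume behind a new values switch and make size and class configurable, e.g. `{{- with .Values.persistence.storageClass }}` / `storageClassName: {{ . | quote }}` / `{{- end }}` under `spec:`; the `persistence.*` keys are new ones this change would introduce. The `app.kubernetes.io/name` label is also hand-built from `fullname` plus `-vpn-server` rather than taken from the `ipsec-vpn-server.labels` helper in _helpers.tpl.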
From: fty4 Date: Wed, 9 Oct 2024 09:41:22 +0000 Subject: [PATCH 119/291] chore(release): update version to v2.1.0 --- charts/ipsec-vpn-server/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/ipsec-vpn-server/Chart.yaml b/charts/ipsec-vpn-server/Chart.yaml index fcca42b..d322803 100644 --- a/charts/ipsec-vpn-server/Chart.yaml +++ b/charts/ipsec-vpn-server/Chart.yaml @@ -14,7 +14,7 @@ sources: - https://github.com/taskmedia/helm_ipsec-vpn-server - https://github.com/taskmedia/helm type: application -version: 2.0.0 +version: 2.1.0 # hwdsl2/docker-ipsec-vpn-server does not provide versioning # see: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/98 appVersion: "latest" From b8a7eeb2dbbef400e6e6b4b7e16c9eb609561793 Mon Sep 17 00:00:00 2001 From: fty4 Date: Wed, 9 Oct 2024 09:49:48 +0000 Subject: [PATCH 120/291] chore(release): update version to v2.1.1 --- charts/ipsec-vpn-server/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/ipsec-vpn-server/Chart.yaml b/charts/ipsec-vpn-server/Chart.yaml index d322803..dda2b57 100644 --- a/charts/ipsec-vpn-server/Chart.yaml +++ b/charts/ipsec-vpn-server/Chart.yaml @@ -14,7 +14,7 @@ sources: - https://github.com/taskmedia/helm_ipsec-vpn-server - https://github.com/taskmedia/helm type: application -version: 2.1.0 +version: 2.1.1 # hwdsl2/docker-ipsec-vpn-server does not provide versioning # see: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/98 appVersion: "latest" From 6e5e20780ebe97abca71bf24d55e7c0a2608d201 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Wed, 9 Oct 2024 11:52:18 +0200 Subject: [PATCH 121/291] chore: add dependabot (#23) --- .github/dependabot.yml | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..41ea2a6 --- /dev/null +++ b/.github/dependabot.yml 
@@ -0,0 +1,6 @@ +version: 2 +updates: +- package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "monthly" From 5967278e9c496cab2687891126ff85f379a44092 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 11 Oct 2024 15:57:29 +0200 Subject: [PATCH 122/291] chore(deps): bump azure/setup-helm from 3 to 4 (#28) Bumps [azure/setup-helm](https://github.com/azure/setup-helm) from 3 to 4. - [Release notes](https://github.com/azure/setup-helm/releases) - [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md) - [Commits](https://github.com/azure/setup-helm/compare/v3...v4) --- updated-dependencies: - dependency-name: azure/setup-helm dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yaml | 2 +- .github/workflows/test.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 2ee414b..2923639 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -12,7 +12,7 @@ jobs: with: fetch-depth: 0 - - uses: azure/setup-helm@v3 + - uses: azure/setup-helm@v4 with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index e5774bb..fea002f 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -12,7 +12,7 @@ jobs: fetch-depth: 0 - name: Set up Helm - uses: azure/setup-helm@v3 + uses: azure/setup-helm@v4 with: version: v3.10.0 From 20ae4db7b249432c98b38cfa22c39742fea5a693 Mon Sep 17 00:00:00 2001 
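Review bot: The single `github-actions` entry keeps the workflows' actions current but does not change how they are referenced, and the bumps that follow in this series show they are referenced by tag (`azure/setup-helm@v4`, `JamesIves/github-pages-deploy-action@v4.6.8`). release.yaml passes `secrets.GITHUB_TOKEN` to one of these and pushes the chart to ghcr.io, so a re-pointed tag would run in the release path. Pinning third-party actions to a full commit SHA with the version as a trailing comment, e.g. `uses: azure/setup-helm@<full-commit-sha> # v4`, closes that gap, and Dependabot keeps SHA pins updated as well. A short comment at the top of this file, such as `# Updates workflow actions only; container image defaults in values.yaml are not tracked here`, would also make the coverage explicit.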
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 11 Oct 2024 15:57:43 +0200 Subject: [PATCH 123/291] chore(deps): bump actions/setup-python from 4 to 5 (#27) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index fea002f..72c34b3 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -16,7 +16,7 @@ jobs: with: version: v3.10.0 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: '3.9' check-latest: true From 32f22bd5b8a7fb2fe37ee24a135a0300560b593e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 11 Oct 2024 15:57:57 +0200 Subject: [PATCH 124/291] chore(deps): bump actions/checkout from 2 to 4 (#26) Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yaml | 2 +- .github/workflows/test.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 2923639..25d489d 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -8,7 +8,7 @@ jobs: if: github.repository == 'taskmedia/helm_ipsec-vpn-server' steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: fetch-depth: 0 diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 72c34b3..7ea2325 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -7,7 +7,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 From 63b781235829874672d38e92dc299fc99b67817e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 11 Oct 2024 15:58:13 +0200 Subject: [PATCH 125/291] chore(deps): bump helm/chart-testing-action from 2.3.1 to 2.6.1 (#25) Bumps [helm/chart-testing-action](https://github.com/helm/chart-testing-action) from 2.3.1 to 2.6.1. - [Release notes](https://github.com/helm/chart-testing-action/releases) - [Commits](https://github.com/helm/chart-testing-action/compare/v2.3.1...v2.6.1) --- updated-dependencies: - dependency-name: helm/chart-testing-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 7ea2325..9dad2d8 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml 
@@ -22,7 +22,7 @@ jobs: check-latest: true - name: Set up chart-testing - uses: helm/chart-testing-action@v2.3.1 + uses: helm/chart-testing-action@v2.6.1 - name: Run chart-testing (list-changed) id: list-changed From bd76bb7b8a0a66eecd59747cbcf5921335a6d77f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 11 Oct 2024 15:58:29 +0200 Subject: [PATCH 126/291] chore(deps): bump JamesIves/github-pages-deploy-action (#24) Bumps [JamesIves/github-pages-deploy-action](https://github.com/jamesives/github-pages-deploy-action) from 4.2.5 to 4.6.8. - [Release notes](https://github.com/jamesives/github-pages-deploy-action/releases) - [Commits](https://github.com/jamesives/github-pages-deploy-action/compare/v4.2.5...v4.6.8) --- updated-dependencies: - dependency-name: JamesIves/github-pages-deploy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 25d489d..b773554 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -68,7 +68,7 @@ jobs: helm repo index --merge ./repo/index.yaml --url ${HELM_URL} ./repo - name: Deploy - uses: JamesIves/github-pages-deploy-action@v4.2.5 + uses: JamesIves/github-pages-deploy-action@v4.6.8 with: repository-name: taskmedia/helm branch: gh-pages From 41f25a548f68c7dceae11f15dd51ee0c82a50a9b Mon Sep 17 00:00:00 2001 
From: Marco Lecheler Date: Fri, 25 Oct 2024 16:46:36 +0200 Subject: [PATCH 127/291] chore: init Helm create --- .helmignore | 23 +++++ Chart.yaml | 24 ++++++ templates/NOTES.txt | 22 +++++ templates/_helpers.tpl | 62 ++++++++++++++ templates/deployment.yaml | 68 +++++++++++++++ templates/hpa.yaml | 32 +++++++ templates/ingress.yaml | 43 ++++++++++ templates/service.yaml | 15 ++++ templates/serviceaccount.yaml | 13 +++ templates/tests/test-connection.yaml | 15 ++++ values.yaml | 123 +++++++++++++++++++++++++++ 11 files changed, 440 insertions(+) create mode 100644 .helmignore create mode 100644 Chart.yaml create mode 100644 templates/NOTES.txt create mode 100644 templates/_helpers.tpl create mode 100644 templates/deployment.yaml create mode 100644 templates/hpa.yaml create mode 100644 templates/ingress.yaml create mode 100644 templates/service.yaml create mode 100644 templates/serviceaccount.yaml create mode 100644 templates/tests/test-connection.yaml create mode 100644 values.yaml diff --git a/.helmignore b/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/Chart.yaml b/Chart.yaml new file mode 100644 index 0000000..29ea304 --- /dev/null +++ b/Chart.yaml 
@@ -0,0 +1,24 @@ +apiVersion: v2 +name: plngxbackup +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/templates/NOTES.txt b/templates/NOTES.txt new file mode 100644 index 0000000..b5948ed --- /dev/null +++ b/templates/NOTES.txt 
@@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "plngxbackup.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "plngxbackup.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "plngxbackup.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "plngxbackup.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl new file mode 100644 index 0000000..b9c83f4 --- /dev/null +++ b/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "plngxbackup.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "plngxbackup.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "plngxbackup.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "plngxbackup.labels" -}} +helm.sh/chart: {{ include "plngxbackup.chart" . }} +{{ include "plngxbackup.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "plngxbackup.selectorLabels" -}} +app.kubernetes.io/name: {{ include "plngxbackup.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "plngxbackup.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "plngxbackup.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} 
diff --git a/templates/deployment.yaml b/templates/deployment.yaml new file mode 100644 index 0000000..7f7fcab --- /dev/null +++ b/templates/deployment.yaml 
@@ -0,0 +1,68 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "plngxbackup.fullname" . }} + labels: + {{- include "plngxbackup.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "plngxbackup.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "plngxbackup.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "plngxbackup.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + livenessProbe: + {{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/templates/hpa.yaml b/templates/hpa.yaml new file mode 100644 index 0000000..f7ec3e0 --- /dev/null 
+++ b/templates/hpa.yaml @@ -0,0 +1,32 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "plngxbackup.fullname" . }} + labels: + {{- include "plngxbackup.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "plngxbackup.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/templates/ingress.yaml b/templates/ingress.yaml new file mode 100644 index 0000000..2f3db7f --- /dev/null +++ b/templates/ingress.yaml 
@@ -0,0 +1,43 @@ +{{- if .Values.ingress.enabled -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "plngxbackup.fullname" . }} + labels: + {{- include "plngxbackup.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- with .Values.ingress.className }} + ingressClassName: {{ . }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- with .pathType }} + pathType: {{ . }} + {{- end }} + backend: + service: + name: {{ include "plngxbackup.fullname" $ }} + port: + number: {{ $.Values.service.port }} + {{- end }} + {{- end }} +{{- end }} diff --git a/templates/service.yaml b/templates/service.yaml new file mode 100644 index 0000000..8e4862c --- /dev/null +++ b/templates/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "plngxbackup.fullname" . }} + labels: + {{- include "plngxbackup.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "plngxbackup.selectorLabels" . | nindent 4 }} diff --git a/templates/serviceaccount.yaml b/templates/serviceaccount.yaml new file mode 100644 index 0000000..1c4b23e --- /dev/null +++ b/templates/serviceaccount.yaml 
@@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "plngxbackup.serviceAccountName" . }} + labels: + {{- include "plngxbackup.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/templates/tests/test-connection.yaml b/templates/tests/test-connection.yaml new file mode 100644 index 0000000..f8da29b --- /dev/null +++ b/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "plngxbackup.fullname" . }}-test-connection" + labels: + {{- include "plngxbackup.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "plngxbackup.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/values.yaml b/values.yaml new file mode 100644 index 0000000..600b641 --- /dev/null +++ b/values.yaml 
@@ -0,0 +1,123 @@ +# Default values for plngxbackup. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ +replicaCount: 1 + +# This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/ +image: + repository: nginx + # This sets the pull policy for images. + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +# This is for the secretes for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ +imagePullSecrets: [] +# This is to override the chart name. +nameOverride: "" +fullnameOverride: "" + +# This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/ +serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +# This is for setting Kubernetes Annotations to a Pod. +# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +podAnnotations: {} +# This is for setting Kubernetes Labels to a Pod. 
+# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +podLabels: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +# This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/ +service: + # This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: ClusterIP + # This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports + port: 80 + +# This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/ +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +# This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ +livenessProbe: + httpGet: + path: / + port: http +readinessProbe: + httpGet: + path: / + port: http + +# This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/ +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +# Additional volumes on the output Deployment definition. +volumes: [] +# - name: foo +# secret: +# secretName: mysecret +# optional: false + +# Additional volumeMounts on the output Deployment definition. +volumeMounts: [] +# - name: foo +# mountPath: "/etc/foo" +# readOnly: true + +nodeSelector: {} + +tolerations: [] + +affinity: {} From fb0b7512ab80eb731f173452266a0e4911b8af8c Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Fri, 25 Oct 2024 16:48:16 +0200 Subject: [PATCH 128/291] chore: rebrand chart --- Chart.yaml | 21 +---- templates/NOTES.txt | 22 ----- templates/deployment.yaml | 68 --------------- templates/hpa.yaml | 32 ------- templates/ingress.yaml | 43 ---------- templates/service.yaml | 15 ---- templates/serviceaccount.yaml | 13 --- templates/tests/test-connection.yaml | 15 ---- values.yaml | 123 --------------------------- 9 files changed, 3 insertions(+), 349 deletions(-) delete mode 100644 templates/NOTES.txt delete mode 100644 templates/deployment.yaml delete mode 100644 templates/hpa.yaml delete mode 100644 templates/ingress.yaml delete mode 100644 templates/service.yaml delete mode 100644 templates/serviceaccount.yaml delete mode 100644 templates/tests/test-connection.yaml diff --git a/Chart.yaml b/Chart.yaml index 29ea304..d616c44 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -1,24 +1,9 @@ apiVersion: v2 -name: plngxbackup -description: A Helm chart for Kubernetes +name: paperless-ngx backup +description: Backup paperless-ngx via K8s cronjob to FTP -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. type: application -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) version: 0.1.0 -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. -appVersion: "1.16.0" +appVersion: "0.1.0" diff --git a/templates/NOTES.txt b/templates/NOTES.txt deleted file mode 100644 index b5948ed..0000000 --- a/templates/NOTES.txt +++ /dev/null 
@@ -1,22 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "plngxbackup.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "plngxbackup.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "plngxbackup.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "plngxbackup.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT -{{- end }} diff --git a/templates/deployment.yaml b/templates/deployment.yaml deleted file mode 100644 index 7f7fcab..0000000 --- a/templates/deployment.yaml +++ /dev/null 
@@ -1,68 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "plngxbackup.fullname" . }} - labels: - {{- include "plngxbackup.labels" . | nindent 4 }} -spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "plngxbackup.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "plngxbackup.labels" . | nindent 8 }} - {{- with .Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "plngxbackup.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - name: http - containerPort: {{ .Values.service.port }} - protocol: TCP - livenessProbe: - {{- toYaml .Values.livenessProbe | nindent 12 }} - readinessProbe: - {{- toYaml .Values.readinessProbe | nindent 12 }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.volumes }} - volumes: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/templates/hpa.yaml b/templates/hpa.yaml deleted file mode 100644 index f7ec3e0..0000000 
--- a/templates/hpa.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "plngxbackup.fullname" . }} - labels: - {{- include "plngxbackup.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "plngxbackup.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} diff --git a/templates/ingress.yaml b/templates/ingress.yaml deleted file mode 100644 index 2f3db7f..0000000 --- a/templates/ingress.yaml +++ /dev/null 
@@ -1,43 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ include "plngxbackup.fullname" . }} - labels: - {{- include "plngxbackup.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- with .Values.ingress.className }} - ingressClassName: {{ . }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - {{- with .pathType }} - pathType: {{ . }} - {{- end }} - backend: - service: - name: {{ include "plngxbackup.fullname" $ }} - port: - number: {{ $.Values.service.port }} - {{- end }} - {{- end }} -{{- end }} diff --git a/templates/service.yaml b/templates/service.yaml deleted file mode 100644 index 8e4862c..0000000 --- a/templates/service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "plngxbackup.fullname" . }} - labels: - {{- include "plngxbackup.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: http - protocol: TCP - name: http - selector: - {{- include "plngxbackup.selectorLabels" . | nindent 4 }} diff --git a/templates/serviceaccount.yaml b/templates/serviceaccount.yaml deleted file mode 100644 index 1c4b23e..0000000 --- a/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,13 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "plngxbackup.serviceAccountName" . }} - labels: - {{- include "plngxbackup.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -automountServiceAccountToken: {{ .Values.serviceAccount.automount }} -{{- end }} diff --git a/templates/tests/test-connection.yaml b/templates/tests/test-connection.yaml deleted file mode 100644 index f8da29b..0000000 --- a/templates/tests/test-connection.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "plngxbackup.fullname" . }}-test-connection" - labels: - {{- include "plngxbackup.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "plngxbackup.fullname" . }}:{{ .Values.service.port }}'] - restartPolicy: Never diff --git a/values.yaml b/values.yaml index 600b641..e69de29 100644 --- a/values.yaml +++ b/values.yaml 
@@ -1,123 +0,0 @@ -# Default values for plngxbackup. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ -replicaCount: 1 - -# This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/ -image: - repository: nginx - # This sets the pull policy for images. - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "" - -# This is for the secretes for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ -imagePullSecrets: [] -# This is to override the chart name. -nameOverride: "" -fullnameOverride: "" - -# This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/ -serviceAccount: - # Specifies whether a service account should be created - create: true - # Automatically mount a ServiceAccount's API credentials? - automount: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -# This is for setting Kubernetes Annotations to a Pod. -# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -podAnnotations: {} -# This is for setting Kubernetes Labels to a Pod. 
-# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -podLabels: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -# This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/ -service: - # This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types - type: ClusterIP - # This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports - port: 80 - -# This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/ -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -# This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ -livenessProbe: - httpGet: - path: / - port: http -readinessProbe: - httpGet: - path: / - port: http - -# This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/ -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -# Additional volumes on the output Deployment definition. -volumes: [] -# - name: foo -# secret: -# secretName: mysecret -# optional: false - -# Additional volumeMounts on the output Deployment definition. -volumeMounts: [] -# - name: foo -# mountPath: "/etc/foo" -# readOnly: true - -nodeSelector: {} - -tolerations: [] - -affinity: {} From 7f516eb5830f93ff7486b10a0ba7e9aca36defb6 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Fri, 25 Oct 2024 17:02:15 +0200 Subject: [PATCH 129/291] fix: do not use space in chart name --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index d616c44..5e169f5 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -name: paperless-ngx backup +name: paperless-ngx-backup description: Backup paperless-ngx via K8s cronjob to FTP type: application From 94a8c0f22a4b552a8da16ecd94ddb26b55abf58f Mon Sep 17 00:00:00 2001 
From: Marco Lecheler Date: Fri, 25 Oct 2024 17:14:06 +0200 Subject: [PATCH 130/291] feat: add basic structure For development using pod instead of cronjob. --- templates/configmap.yaml | 9 +++++++++ templates/cronjob.yaml | 24 ++++++++++++++++++++++++ templates/rbac/role.yaml | 11 +++++++++++ templates/rbac/rolebinding.yaml | 12 ++++++++++++ templates/rbac/serviceaccount.yaml | 4 ++++ 5 files changed, 60 insertions(+) create mode 100644 templates/configmap.yaml create mode 100644 templates/cronjob.yaml create mode 100644 templates/rbac/role.yaml create mode 100644 templates/rbac/rolebinding.yaml create mode 100644 templates/rbac/serviceaccount.yaml diff --git a/templates/configmap.yaml b/templates/configmap.yaml new file mode 100644 index 0000000..12c1247 --- /dev/null +++ b/templates/configmap.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ include "plngxbackup.fullname" . }}" +data: + backup.sh: | + #!/bin/sh + echo "Hello, World!" + sleep infinity diff --git a/templates/cronjob.yaml b/templates/cronjob.yaml new file mode 100644 index 0000000..3426863 --- /dev/null +++ b/templates/cronjob.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "plngxbackup.fullname" . }}" +spec: + serviceAccountName: {{ include "plngxbackup.fullname" . }} + containers: + - name: backup + image: bitnami/kubectl:latest + # command: ["sh", "-c", "sleep infinity"] + command: ["sh", "-c", "/scripts/backup.sh"] + volumeMounts: + - name: script-volume + mountPath: /scripts/backup.sh + subPath: backup.sh + restartPolicy: Never + volumes: + - name: script-volume + configMap: + name: {{ include "plngxbackup.fullname" . }} + items: + - key: backup.sh + path: backup.sh + defaultMode: 0777 diff --git a/templates/rbac/role.yaml b/templates/rbac/role.yaml new file mode 100644 index 0000000..60bdcca --- /dev/null +++ b/templates/rbac/role.yaml 
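Review bot: `image: bitnami/kubectl:latest` in templates/cronjob.yaml is a mutable tag, so the binary that runs under this ServiceAccount (which the Role in the same commit allows to exec into pods) can change without any change to the chart. Pin the image to a fixed version or digest, e.g. `image: bitnami/kubectl:<version>@sha256:<digest>` (placeholders), and bump it deliberately. The later hunks in this series that switch the image to a `:main` tag have the same issue.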
@@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: "{{ include "plngxbackup.fullname" . }}" +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["create"] diff --git a/templates/rbac/rolebinding.yaml b/templates/rbac/rolebinding.yaml new file mode 100644 index 0000000..b44f481 --- /dev/null +++ b/templates/rbac/rolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "{{ include "plngxbackup.fullname" . }}" +subjects: + - kind: ServiceAccount + name: "{{ include "plngxbackup.fullname" . }}" + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: "{{ include "plngxbackup.fullname" . }}" + apiGroup: rbac.authorization.k8s.io diff --git a/templates/rbac/serviceaccount.yaml b/templates/rbac/serviceaccount.yaml new file mode 100644 index 0000000..6a007e9 --- /dev/null +++ b/templates/rbac/serviceaccount.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "{{ include "plngxbackup.fullname" . }}" From fa7fd2e1ca0951338b31aecf15c6ba5513605d74 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Fri, 25 Oct 2024 18:05:17 +0200 Subject: [PATCH 131/291] feat: add document_exporter cmd --- templates/configmap.yaml | 16 ++++++++++++++-- values.yaml | 2 ++ 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/templates/configmap.yaml b/templates/configmap.yaml index 12c1247..439e632 100644 --- a/templates/configmap.yaml +++ b/templates/configmap.yaml 
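Review bot: The `pods/exec` rule in templates/rbac/role.yaml has no `resourceNames`, so the ServiceAccount bound in rolebinding.yaml can start a command in every pod of the release namespace, not only in the paperless-ngx pod. RBAC accepts `resourceNames` on subresource rules, so `resourceNames: ["<paperless-pod-name>"]` (placeholder) on the `pods` and `pods/exec` rules would confine a compromised backup pod to the one target. `list` on pods looks unnecessary for an exec by name; drop it unless something outside this hunk needs it. A short comment above `rules:` saying why exec is required would help the next reader.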
@@ -5,5 +5,17 @@ metadata: data: backup.sh: | #!/bin/sh - echo "Hello, World!" - sleep infinity + + TIMESTAMP=$(date +"%Y%m%d-%H%M%S") + + echo "Creating paperless-ngx backup" + kubectl exec {{ .Values.paperless.podname }} --container paperless-ngx -- \ + document_exporter \ + --no-progress-bar \ + --split-manifest \ + --use-folder-prefix \ + --zip \ + --zip-name "${TIMESTAMP}-plngx" \ + ../export + + # sleep infinity diff --git a/values.yaml b/values.yaml index e69de29..8697660 100644 --- a/values.yaml +++ b/values.yaml @@ -0,0 +1,2 @@ +paperless: + podname: paperless-ngx-0 From d8052ce032049411d4c3b416c58bcf15ec8803ca Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Fri, 25 Oct 2024 18:05:33 +0200 Subject: [PATCH 132/291] chore: use deployment instead pod --- templates/cronjob.yaml | 52 ++++++++++++++++++++++++++---------------- 1 file changed, 32 insertions(+), 20 deletions(-) diff --git a/templates/cronjob.yaml b/templates/cronjob.yaml index 3426863..7d73c13 100644 --- a/templates/cronjob.yaml +++ b/templates/cronjob.yaml 
@@ -1,24 +1,36 @@ -apiVersion: v1 -kind: Pod +apiVersion: apps/v1 +kind: Deployment metadata: name: "{{ include "plngxbackup.fullname" . }}" spec: - serviceAccountName: {{ include "plngxbackup.fullname" . }} - containers: - - name: backup - image: bitnami/kubectl:latest - # command: ["sh", "-c", "sleep infinity"] - command: ["sh", "-c", "/scripts/backup.sh"] - volumeMounts: + replicas: 1 + selector: + matchLabels: + app: "{{ include "plngxbackup.fullname" . }}" + template: + metadata: + name: "{{ include "plngxbackup.fullname" . }}" + annotations: + configmap-hash: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + labels: + app: "{{ include "plngxbackup.fullname" . }}" + spec: + serviceAccountName: {{ include "plngxbackup.fullname" . }} + containers: + - name: backup + image: bitnami/kubectl:latest + command: ["sh", "-c", "sleep infinity"] + # command: ["sh", "-c", "/scripts/backup.sh"] + volumeMounts: + - name: script-volume + mountPath: /scripts/backup.sh + subPath: backup.sh + restartPolicy: Always # TODO: change + volumes: - name: script-volume - mountPath: /scripts/backup.sh - subPath: backup.sh - restartPolicy: Never - volumes: - - name: script-volume - configMap: - name: {{ include "plngxbackup.fullname" . }} - items: - - key: backup.sh - path: backup.sh - defaultMode: 0777 + configMap: + name: {{ include "plngxbackup.fullname" . }} + items: + - key: backup.sh + path: backup.sh + defaultMode: 0777 From 25db4a20e30563bf122d4d063986a3dfc3f2a65f Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Fri, 25 Oct 2024 21:03:39 +0200 Subject: [PATCH 133/291] feat: add kubectl cp cmd --- templates/configmap.yaml | 15 +++++++++++++-- templates/cronjob.yaml | 4 ++++ 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/templates/configmap.yaml b/templates/configmap.yaml index 439e632..158351d 100644 --- a/templates/configmap.yaml +++ b/templates/configmap.yaml 
@@ -7,15 +7,26 @@ data: #!/bin/sh TIMESTAMP=$(date +"%Y%m%d-%H%M%S") + FILENAME="${TIMESTAMP}-plngx" + FILENAME_ZIP="${FILENAME}.zip" + + PL_CONTAINER_NAME="paperless-ngx" + PL_POD_NAME="{{ .Values.paperless.podname }}" echo "Creating paperless-ngx backup" - kubectl exec {{ .Values.paperless.podname }} --container paperless-ngx -- \ + kubectl exec ${PL_POD_NAME} --container ${PL_CONTAINER_NAME} -- \ document_exporter \ --no-progress-bar \ --split-manifest \ --use-folder-prefix \ --zip \ - --zip-name "${TIMESTAMP}-plngx" \ + --zip-name ${FILENAME} \ ../export + echo "Copying backup to backup pod" + kubectl cp \ + --container="${PL_CONTAINER_NAME}" \ + ${PL_POD_NAME}:../export/${FILENAME_ZIP} \ + /backup-plngx/${FILENAME_ZIP} + # sleep infinity diff --git a/templates/cronjob.yaml b/templates/cronjob.yaml index 7d73c13..f45fa7b 100644 --- a/templates/cronjob.yaml +++ b/templates/cronjob.yaml @@ -22,11 +22,15 @@ spec: command: ["sh", "-c", "sleep infinity"] # command: ["sh", "-c", "/scripts/backup.sh"] volumeMounts: + - name: backup + mountPath: /backup-plngx - name: script-volume mountPath: /scripts/backup.sh subPath: backup.sh restartPolicy: Always # TODO: change volumes: + - name: backup + emptyDir: {} - name: script-volume configMap: name: {{ include "plngxbackup.fullname" . }} From 391f5dc764328e5cf3141ebe30a1c6319baf7258 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Fri, 25 Oct 2024 21:48:36 +0200 Subject: [PATCH 134/291] feat: add pgp encryption --- templates/configmap.yaml | 25 +++++++++++++++++++++++++ templates/cronjob.yaml | 18 ++++++++++++++++-- values.yaml | 8 ++++++++ 3 files changed, 49 insertions(+), 2 deletions(-) diff --git a/templates/configmap.yaml b/templates/configmap.yaml index 158351d..c78f026 100644 --- a/templates/configmap.yaml +++ b/templates/configmap.yaml 
@@ -29,4 +29,29 @@ data: ${PL_POD_NAME}:../export/${FILENAME_ZIP} \ /backup-plngx/${FILENAME_ZIP} + {{- if .Values.encryption.enabled }} + echo "Encrypting backup" + gpg \ + --batch \ + --yes \ + --output /backup-plngx/${FILENAME_ZIP}.gpg \ + --encrypt \ + --recipient-file /scripts/publickey.gpg \ + --homedir /backup-plngx/.gnupg \ + --encrypt /backup-plngx/${FILENAME_ZIP} + if ! [ $? -eq 0 ]; then + echo "error on encryption" + rm -rf /backup-plngx/${FILENAME_ZIP} + exit 1 + fi + {{- end }} + + + # rm /backup-plngx/${FILENAME_ZIP} + # sleep infinity + +{{- if .Values.encryption.enabled }} + publickey.gpg: | + {{- .Values.encryption.publickey | nindent 4 }} +{{- end }} diff --git a/templates/cronjob.yaml b/templates/cronjob.yaml index f45fa7b..c2ae4da 100644 --- a/templates/cronjob.yaml +++ b/templates/cronjob.yaml @@ -18,7 +18,7 @@ spec: serviceAccountName: {{ include "plngxbackup.fullname" . }} containers: - name: backup - image: bitnami/kubectl:latest + image: ghcr.io/taskmedia/kubectl-gpg-ftp:main command: ["sh", "-c", "sleep infinity"] # command: ["sh", "-c", "/scripts/backup.sh"] volumeMounts: @@ -27,6 +27,11 @@ spec: - name: script-volume mountPath: /scripts/backup.sh subPath: backup.sh + {{- if .Values.encryption.enabled }} + - name: gpg-volume + mountPath: /scripts/publickey.gpg + subPath: publickey.gpg + {{- end }} restartPolicy: Always # TODO: change volumes: - name: backup @@ -37,4 +42,13 @@ spec: items: - key: backup.sh path: backup.sh - defaultMode: 0777 + defaultMode: 0555 # read and execute + {{- if .Values.encryption.enabled }} + - name: gpg-volume + configMap: + name: {{ include "plngxbackup.fullname" . }} + items: + - key: publickey.gpg + path: publickey.gpg + defaultMode: 0444 # read only + {{- end }} diff --git a/values.yaml b/values.yaml index 8697660..6597d23 100644 --- a/values.yaml +++ b/values.yaml 
@@ -1,2 +1,10 @@ paperless: podname: paperless-ngx-0 + +encryption: + enabled: false + publickey: | + -----BEGIN PGP PUBLIC KEY BLOCK----- + + abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZab + -----END PGP PUBLIC KEY BLOCK----- From 487ccc67e104a8af27ecfbce17cdaa38fa95beb1 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Fri, 25 Oct 2024 23:30:23 +0200 Subject: [PATCH 135/291] feat: add ftp upload --- templates/configmap.yaml | 18 +++++++++++++++--- templates/cronjob.yaml | 14 +++++++++++++- values.yaml | 6 ++++++ 3 files changed, 34 insertions(+), 4 deletions(-) diff --git a/templates/configmap.yaml b/templates/configmap.yaml index c78f026..b6b2fae 100644 --- a/templates/configmap.yaml +++ b/templates/configmap.yaml @@ -44,12 +44,24 @@ data: rm -rf /backup-plngx/${FILENAME_ZIP} exit 1 fi + rm /backup-plngx/${FILENAME_ZIP} + FILENAME_ZIP="${FILENAME}.zip.gpg" {{- end }} + echo "upload file to FTP" + ncftpput \ + -u "${FTP_USERNAME}" \ + -p "${FTP_PASSWORD}" \ + "${FTP_HOST}" \ + "${FTP_PATH}" \ + "/backup-plngx/${FILENAME_ZIP}" + if ! [ $? -eq 0 ]; then + echo "error on upload" + rm -rf ${FILENAME_ZIP} + exit 1 + fi - # rm /backup-plngx/${FILENAME_ZIP} - - # sleep infinity + rm /backup-plngx/${FILENAME_ZIP} {{- if .Values.encryption.enabled }} publickey.gpg: | diff --git a/templates/cronjob.yaml b/templates/cronjob.yaml index c2ae4da..9b1b7ab 100644 --- a/templates/cronjob.yaml +++ b/templates/cronjob.yaml 
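Review bot: `encryption.enabled: false` in values.yaml makes the unencrypted archive the default, so an install with stock values sends the full document export out of the cluster in clear. Consider defaulting to `true` and failing the render when no key is supplied, e.g. `{{- required "encryption.publickey is required" .Values.encryption.publickey | nindent 4 }}` in the ConfigMap. The sample `publickey` is a dummy block; with it as the default, turning encryption on without replacing the key would presumably only fail at run time inside gpg, so an empty default plus a comment describing the expected armored format would be clearer.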
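Review bot: The upload error branch in templates/configmap.yaml runs `rm -rf ${FILENAME_ZIP}`, a relative path, while the file lives in `/backup-plngx/`, so a failed upload leaves the archive (unencrypted when `encryption.enabled` is false) in the volume; it should be `rm -f "/backup-plngx/${FILENAME_ZIP}"`. `ncftpput -u "${FTP_USERNAME}" -p "${FTP_PASSWORD}"` also places the password in the process arguments and sends it, together with the archive, over plain FTP. ncftpput's `-f` login file keeps the password off the command line, and the values comments should state that encryption ought to be enabled whenever the transport is FTP. The script this hunk extends starts outside the hunk.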
@@ -18,9 +18,21 @@ spec: serviceAccountName: {{ include "plngxbackup.fullname" . }} containers: - name: backup - image: ghcr.io/taskmedia/kubectl-gpg-ftp:main + image: ghcr.io/taskmedia/kubectl-gpg-ncftp:main + securityContext: + runAsUser: 65534 + runAsGroup: 65534 command: ["sh", "-c", "sleep infinity"] # command: ["sh", "-c", "/scripts/backup.sh"] + env: + - name: FTP_HOST + value: "{{ .Values.ftp.host }}" + - name: FTP_USERNAME + value: "{{ .Values.ftp.user }}" + - name: FTP_PASSWORD + value: "{{ .Values.ftp.password }}" + - name: FTP_PATH + value: "{{ .Values.ftp.path }}" volumeMounts: - name: backup mountPath: /backup-plngx diff --git a/values.yaml b/values.yaml index 6597d23..553b9e4 100644 --- a/values.yaml +++ b/values.yaml @@ -8,3 +8,9 @@ encryption: abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZab -----END PGP PUBLIC KEY BLOCK----- + +ftp: + host: "" + user: "" + password: "" + path: "." From 13393f1494b9045a7088f16b3fed0b6bb3c0edca Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Fri, 25 Oct 2024 23:56:31 +0200 Subject: [PATCH 136/291] feat: use cronjob --- templates/cronjob.yaml | 116 +++++++++++++++++++++-------------------- values.yaml | 2 + 2 files changed, 61 insertions(+), 57 deletions(-) diff --git a/templates/cronjob.yaml b/templates/cronjob.yaml index 9b1b7ab..dcee6ca 100644 --- a/templates/cronjob.yaml +++ b/templates/cronjob.yaml 
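Review bot: `FTP_PASSWORD` is set with a literal `value:` rendered from `.Values.ftp.password`, so the credential is written into the workload spec, where anyone who can read pods or the owning object in the namespace can see it. Source it from a Secret through `valueFrom.secretKeyRef`, and let the chart either create that Secret from the value or accept the name of an existing one; the `ftp.password: ""` default added to values.yaml in the same commit would then become a secret reference. `FTP_USERNAME` can follow the same pattern. The container spec continues outside the hunk.

```yaml
# … unchanged: FTP_HOST, FTP_USERNAME …
- name: FTP_PASSWORD
  valueFrom:
    secretKeyRef:
      name: "<ftp-credentials-secret>"  # placeholder: Secret created by the chart or supplied by the operator
      key: password
# … unchanged: FTP_PATH …
```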
@@ -1,66 +1,68 @@ -apiVersion: apps/v1 -kind: Deployment +apiVersion: batch/v1 +kind: CronJob metadata: name: "{{ include "plngxbackup.fullname" . }}" spec: - replicas: 1 - selector: - matchLabels: - app: "{{ include "plngxbackup.fullname" . }}" - template: - metadata: - name: "{{ include "plngxbackup.fullname" . }}" - annotations: - configmap-hash: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - labels: - app: "{{ include "plngxbackup.fullname" . }}" + schedule: "{{ .Values.cron }}" + successfulJobsHistoryLimit: 2 + failedJobsHistoryLimit: 2 + jobTemplate: spec: - serviceAccountName: {{ include "plngxbackup.fullname" . }} - containers: - - name: backup - image: ghcr.io/taskmedia/kubectl-gpg-ncftp:main - securityContext: - runAsUser: 65534 - runAsGroup: 65534 - command: ["sh", "-c", "sleep infinity"] - # command: ["sh", "-c", "/scripts/backup.sh"] - env: - - name: FTP_HOST - value: "{{ .Values.ftp.host }}" - - name: FTP_USERNAME - value: "{{ .Values.ftp.user }}" - - name: FTP_PASSWORD - value: "{{ .Values.ftp.password }}" - - name: FTP_PATH - value: "{{ .Values.ftp.path }}" - volumeMounts: + backoffLimit: 2 + activeDeadlineSeconds: 60 + template: + metadata: + name: "{{ include "plngxbackup.fullname" . }}" + annotations: + configmap-hash: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + labels: + app: "{{ include "plngxbackup.fullname" . }}" + spec: + serviceAccountName: {{ include "plngxbackup.fullname" . 
}} + containers: - name: backup - mountPath: /backup-plngx + image: ghcr.io/taskmedia/kubectl-gpg-ncftp:main + securityContext: + runAsUser: 65534 + runAsGroup: 65534 + command: ["sh", "-c", "/scripts/backup.sh"] + env: + - name: FTP_HOST + value: "{{ .Values.ftp.host }}" + - name: FTP_USERNAME + value: "{{ .Values.ftp.user }}" + - name: FTP_PASSWORD + value: "{{ .Values.ftp.password }}" + - name: FTP_PATH + value: "{{ .Values.ftp.path }}" + volumeMounts: + - name: backup + mountPath: /backup-plngx + - name: script-volume + mountPath: /scripts/backup.sh + subPath: backup.sh + {{- if .Values.encryption.enabled }} + - name: gpg-volume + mountPath: /scripts/publickey.gpg + subPath: publickey.gpg + {{- end }} + restartPolicy: OnFailure + volumes: + - name: backup + emptyDir: {} - name: script-volume - mountPath: /scripts/backup.sh - subPath: backup.sh + configMap: + name: {{ include "plngxbackup.fullname" . }} + items: + - key: backup.sh + path: backup.sh + defaultMode: 0555 # read and execute {{- if .Values.encryption.enabled }} - name: gpg-volume - mountPath: /scripts/publickey.gpg - subPath: publickey.gpg + configMap: + name: {{ include "plngxbackup.fullname" . }} + items: + - key: publickey.gpg + path: publickey.gpg + defaultMode: 0444 # read only {{- end }} - restartPolicy: Always # TODO: change - volumes: - - name: backup - emptyDir: {} - - name: script-volume - configMap: - name: {{ include "plngxbackup.fullname" . }} - items: - - key: backup.sh - path: backup.sh - defaultMode: 0555 # read and execute - {{- if .Values.encryption.enabled }} - - name: gpg-volume - configMap: - name: {{ include "plngxbackup.fullname" . }} - items: - - key: publickey.gpg - path: publickey.gpg - defaultMode: 0444 # read only - {{- end }} diff --git a/values.yaml b/values.yaml index 553b9e4..0a85a20 100644 --- a/values.yaml +++ b/values.yaml @@ -1,3 +1,5 @@ +cron: "0 2 * * 0" # Runs every week (Sunday at 2 AM) + paperless: podname: paperless-ngx-0 
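Review bot: `activeDeadlineSeconds: 60` in the new CronJob gives the whole job one minute for export, copy, optional encryption and upload, which looks too short for anything but a small archive; a job killed at the deadline leaves no backup behind. Make it a chart value with a generous default, e.g. `activeDeadlineSeconds: {{ .Values.activeDeadlineSeconds }}`, and add `concurrencyPolicy: Forbid` so a slow run cannot overlap the next scheduled one. The container `securityContext` sets only the UID and GID; `runAsNonRoot: true` and `allowPrivilegeEscalation: false` would make the non-root intent enforceable.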
From 3d36355c0821e326a8a3d20afc0fbd79ac81dad6 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sat, 26 Oct 2024 00:00:57 +0200 Subject: [PATCH 137/291] feat: remove backup from plngx pod --- templates/configmap.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/templates/configmap.yaml b/templates/configmap.yaml index b6b2fae..68e7369 100644 --- a/templates/configmap.yaml +++ b/templates/configmap.yaml @@ -29,6 +29,10 @@ data: ${PL_POD_NAME}:../export/${FILENAME_ZIP} \ /backup-plngx/${FILENAME_ZIP} + echo "Remove backup from paperless-ngx pod" + kubectl exec ${PL_POD_NAME} --container ${PL_CONTAINER_NAME} -- \ + rm ../export/${FILENAME_ZIP} + {{- if .Values.encryption.enabled }} echo "Encrypting backup" gpg \ From 8c211ff7d1224ad5f1844e7bd867000501653215 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sat, 26 Oct 2024 00:08:00 +0200 Subject: [PATCH 138/291] chore: add readme --- README.md | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..bb2f52a --- /dev/null +++ b/README.md 
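Review bot: The added `kubectl exec ... -- rm ../export/${FILENAME_ZIP}` runs unconditionally, and nothing visible in the hunk checks the exit status of the preceding `kubectl cp`, so a failed or truncated copy is followed by deleting the only copy of the export. Guard the removal, e.g. `[ -s "/backup-plngx/${FILENAME_ZIP}" ] || { echo "error on copy"; exit 1; }` before the `rm`. Quoting `"${PL_POD_NAME}"` and the path would also keep the `rm` argument a single word. The script starts and continues outside the hunk.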
@@ -0,0 +1,35 @@ +[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/taskmedia)](https://artifacthub.io/packages/helm/taskmedia/paperlessngx-backup) + +# Helm chart: paperless-ngx backup + +Kubernetes [Helm](https://helm.sh) chart to create a cronjob to backup the paperless-ngx instance to a remote FTP server. + +The script will use the [document exporter](https://docs.paperless-ngx.com/administration/#exporter) to create a backup of your paperless-ngx instance. +If you want the backup also can be gpg encrypted prior to upload the zipped backup to the FTP server. + +## Configuration + +The configuration of the backup cronjob will be set in the [`values.yaml`](./values.yaml)-file. +Everything is pretty straight forward and should be self-explanatory. +If you think more information should be provided or need help, feel free to open an issue. + +## Installation + +To deploy the Helm chart first copy the [`values.yaml`](./values.yaml)-file and customize your deployment. +After it was modified you can deploy the chart with the following command. + +```bash +$ helm repo add taskmedia https://helm.task.media +$ helm repo update + +$ helm show values taskmedia/paperlessngx-backup > ./my-values.yaml +$ vi ./my-values.yaml + +$ helm upgrade --install paperlessngx-backup taskmedia/paperlessngx-backup --values ./my-values.yaml +``` + +You can also use OCI Helm charts from [ghcr.io](https://ghcr.io/): + +```bash +$ helm upgrade --install paperlessngx-backup oci://ghcr.io/taskmedia/paperlessngx-backup +``` From 057f0bb98e271cfe96c92780d9aa15e3e4619369 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sat, 26 Oct 2024 00:09:31 +0200 Subject: [PATCH 139/291] chore: add dependabot --- .github/dependabot.yml | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..41ea2a6 --- /dev/null +++ b/.github/dependabot.yml 
@@ -0,0 +1,6 @@
+version: 2
+updates:
+- package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "monthly"
From 008d00e430c79a87bcd61b36ce726a6d624bcd27 Mon Sep 17 00:00:00 2001
From: Marco Lecheler
Date: Sat, 26 Oct 2024 00:10:22 +0200
Subject: [PATCH 140/291] chore: add test wf
---
.github/workflows/test.yaml | 48 +++++++++++++++++++++++++++++++++++++
1 file changed, 48 insertions(+)
create mode 100644 .github/workflows/test.yaml
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
new file mode 100644
index 0000000..10bfa12
--- /dev/null
+++ b/.github/workflows/test.yaml
@@ -0,0 +1,48 @@
+name: Lint and Test Charts
+
+on: pull_request
+
+jobs:
+ lint-test:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Set up Helm
+ uses: azure/setup-helm@v4
+ with:
+ version: v3.10.0
+
+ - uses: actions/setup-python@v5
+ with:
+ python-version: "3.9"
+ check-latest: true
+
+ - name: Set up chart-testing
+ uses: helm/chart-testing-action@v2.6.1
+
+ - name: Run chart-testing (list-changed)
+ id: list-changed
+ run: |
+ changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
+ if [[ -n "$changed" ]]; then
+ echo "changed=true" >> $GITHUB_OUTPUT
+ fi
+
+ - name: Run chart-testing (lint)
+ if: steps.list-changed.outputs.changed == 'true'
+ run: |
+ ct lint \
+ --check-version-increment=false \
+ --target-branch ${{ github.event.repository.default_branch }}
+
+ - name: Create kind cluster
+ uses: helm/kind-action@v1.4.0
+ if: steps.list-changed.outputs.changed == 'true'
+
+ - name: Run chart-testing (install)
+ if: steps.list-changed.outputs.changed == 'true'
+ run: ct install --all --chart-dirs charts
From 88b1a8d9267fa2a89164e02de417aa9f77752ea3 Mon Sep 17 00:00:00 2001
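Review bot: The new test workflow declares no `permissions:` block, so the `GITHUB_TOKEN` available to every step, including the third-party actions, carries whatever the repository default grants. A lint-and-test job needs no more than a top-level `permissions:` with `contents: read`. The actions are referenced by movable tags (`azure/setup-helm@v4`, `helm/chart-testing-action@v2.6.1`, `helm/kind-action@v1.4.0`); pinning each to a full commit SHA, e.g. `uses: helm/chart-testing-action@<full-commit-sha> # v2.6.1`, keeps a retagged release from changing what runs here. Quoting `"$GITHUB_OUTPUT"` in the `list-changed` step is a small shell-hygiene fix on top.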
From: Marco Lecheler Date: Sat, 26 Oct 2024 00:11:12 +0200 Subject: [PATCH 141/291] chore: add wf dispatch to test wf --- .github/workflows/test.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 10bfa12..f2cd2c7 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -1,6 +1,9 @@ name: Lint and Test Charts -on: pull_request +on: + pull_request: + + workflow_dispatch: jobs: lint-test: From fee6fd27dcc4dada90c90780611285a845f05d9c Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sat, 26 Oct 2024 00:12:41 +0200 Subject: [PATCH 142/291] chore: add release wf --- .github/workflows/release.yaml | 77 ++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 .github/workflows/release.yaml diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 0000000..33a0381 --- /dev/null +++ b/.github/workflows/release.yaml 
@@ -0,0 +1,77 @@
+name: Release
+on:
+ release:
+ types: [published]
+jobs:
+ build-and-deploy:
+ runs-on: ubuntu-latest
+ if: github.repository == 'taskmedia/helm_ipsec-vpn-server'
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - uses: azure/setup-helm@v4
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: bump release version (Chart.yaml)
+ env:
+ TAG_NAME: ${{ github.event.release.tag_name }}
+ run: yq -i ".version = \"$(echo ${TAG_NAME:1})\"" charts/ipsec-vpn-server/Chart.yaml
+
+ - name: commit version bump
+ uses: stefanzweifel/git-auto-commit-action@v4
+ with:
+ branch: main
+ commit_message: "chore(release): update version to ${{ github.event.release.tag_name }}"
+ commit_options: "--no-verify"
+ file_pattern: charts/ipsec-vpn-server/Chart.yaml
+
+ - name: move release tag
+ shell: bash
+ run: |
+ git tag --force ${{ github.event.release.tag_name }} HEAD
+ git push --force origin ${{ github.event.release.tag_name }}
+
+ - name: update latest tag
+ shell: bash
+ run: |
+ git tag --force latest HEAD
+ git push --force origin latest
+
+ - name: Create release binary
+ run: |
+ helm package charts/ipsec-vpn-server --destination release/
+
+ - name: login ghcr registry
+ run: echo '${{ secrets.GITHUB_TOKEN }}' | docker login ghcr.io -u taskmedia --password-stdin
+
+ - name: push Helm chart to ghcr
+ run: helm push ./release/*tgz oci://ghcr.io/taskmedia
+
+ - name: Update Index
+ env:
+ GH_PAGES_URL: github.com/taskmedia/helm
+ REPO_NAME: ipsec-vpn-server
+ HELM_URL: https://helm.task.media/
+ run: |
+ rm -rf ./gh-pages.zip
+ rm -rf ./repo
+ curl -sSLO https://${GH_PAGES_URL}/archive/gh-pages.zip
+ unzip -o ./gh-pages.zip -d ./repo/
+ mv -f ./repo/helm-gh-pages/* ./repo
+ rm -rf ./repo/helm-gh-pages/
+ cp ./release/*tgz ./repo/${REPO_NAME}/
+ cp ./README.md ./repo/${REPO_NAME}/index.md
+ helm repo index --merge ./repo/index.yaml --url ${HELM_URL} ./repo
+
+ - name: Deploy
+ uses:
JamesIves/github-pages-deploy-action@v4.6.8 + with: + repository-name: taskmedia/helm + branch: gh-pages + ssh-key: ${{ secrets.DEPLOY_KEY_BLOG }} + folder: repo + clean: false From 9a370cb6923608a9381d8cb652b04e45d748b883 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sat, 26 Oct 2024 00:13:57 +0200 Subject: [PATCH 143/291] chore(ci): use correct repo name for release wf --- .github/workflows/release.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 33a0381..6399c96 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -5,7 +5,7 @@ on: jobs: build-and-deploy: runs-on: ubuntu-latest - if: github.repository == 'taskmedia/helm_ipsec-vpn-server' + if: github.repository == 'taskmedia/helm_paperlessngx-backup' steps: - name: Checkout uses: actions/checkout@v4 @@ -19,7 +19,7 @@ jobs: - name: bump release version (Chart.yaml) env: TAG_NAME: ${{ github.event.release.tag_name }} - run: yq -i ".version = \"$(echo ${TAG_NAME:1})\"" charts/ipsec-vpn-server/Chart.yaml + run: yq -i ".version = \"$(echo ${TAG_NAME:1})\"" charts/paperlessngx-backup/Chart.yaml - name: commit version bump uses: stefanzweifel/git-auto-commit-action@v4 @@ -27,7 +27,7 @@ jobs: branch: main commit_message: "chore(release): update version to ${{ github.event.release.tag_name }}" commit_options: "--no-verify" - file_pattern: charts/ipsec-vpn-server/Chart.yaml + file_pattern: charts/paperlessngx-backup/Chart.yaml - name: move release tag shell: bash @@ -43,7 +43,7 @@ jobs: - name: Create release binary run: | - helm package charts/ipsec-vpn-server --destination release/ + helm package charts/paperlessngx-backup --destination release/ - name: login ghcr registry run: echo '${{ secrets.GITHUB_TOKEN }}' | docker login ghcr.io -u taskmedia --password-stdin 
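Review bot: The `move release tag` step in the new release workflow pastes `${{ github.event.release.tag_name }}` directly into the bash script, so the tag text is substituted before the shell parses the line and any shell metacharacters in a tag name become part of the command. The `bump release version` step in the same file already takes the safe route through `env: TAG_NAME`, and the two `git` commands should read `"$TAG_NAME"` the same way. The `login ghcr registry` step has the same shape with `${{ secrets.GITHUB_TOKEN }}` inside single quotes; passing it through `env` keeps the secret out of the rendered script text. The workflow also declares no `permissions:` block although it pushes commits, tags and packages, so the token scopes it depends on are implicit.

```yaml
      - name: move release tag
        shell: bash
        env:
          TAG_NAME: ${{ github.event.release.tag_name }}
        run: |
          git tag --force "$TAG_NAME" HEAD
          git push --force origin "$TAG_NAME"
      # … unchanged: update latest tag, Create release binary …
      - name: login ghcr registry
        env:
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: echo "$GHCR_TOKEN" | docker login ghcr.io -u taskmedia --password-stdin
```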
@@ -54,7 +54,7 @@ jobs: - name: Update Index env: GH_PAGES_URL: github.com/taskmedia/helm - REPO_NAME: ipsec-vpn-server + REPO_NAME: paperlessngx-backup HELM_URL: https://helm.task.media/ run: | rm -rf ./gh-pages.zip From b67444996049037cb05f51c078cbd225e7e9b260 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 26 Oct 2024 00:15:33 +0200 Subject: [PATCH 144/291] chore(deps): bump helm/kind-action from 1.4.0 to 1.10.0 (#1) Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.4.0 to 1.10.0. - [Release notes](https://github.com/helm/kind-action/releases) - [Commits](https://github.com/helm/kind-action/compare/v1.4.0...v1.10.0) --- updated-dependencies: - dependency-name: helm/kind-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index f2cd2c7..ff1eb1c 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -43,7 +43,7 @@ jobs: --target-branch ${{ github.event.repository.default_branch }} - name: Create kind cluster - uses: helm/kind-action@v1.4.0 + uses: helm/kind-action@v1.10.0 if: steps.list-changed.outputs.changed == 'true' - name: Run chart-testing (install) From 1265138aa298748ec31566a428fcb433c76cb271 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sat, 26 Oct 2024 00:16:22 +0200 Subject: [PATCH 145/291] chore: remove appversion (#2) --- Chart.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 5e169f5..ea19576 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -5,5 +5,3 @@ description: Backup paperless-ngx via K8s cronjob to FTP type: application version: 0.1.0 - -appVersion: "0.1.0" 
From ade97f002f696f7cc6bce3c6c1458337ef64294c Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sat, 26 Oct 2024 00:30:26 +0200 Subject: [PATCH 146/291] chore: move chart into charts directory (#3) * chore: move chart into charts directory * chore: use lint best practice for comment * chore: add chart metadata --- Chart.yaml | 7 ------- .../paperlessngx-backup/.helmignore | 0 charts/paperlessngx-backup/Chart.yaml | 21 +++++++++++++++++++ .../templates}/_helpers.tpl | 0 .../templates}/configmap.yaml | 0 .../templates}/cronjob.yaml | 0 .../templates}/rbac/role.yaml | 0 .../templates}/rbac/rolebinding.yaml | 0 .../templates}/rbac/serviceaccount.yaml | 0 .../paperlessngx-backup/values.yaml | 3 ++- 10 files changed, 23 insertions(+), 8 deletions(-) delete mode 100644 Chart.yaml rename .helmignore => charts/paperlessngx-backup/.helmignore (100%) create mode 100644 charts/paperlessngx-backup/Chart.yaml rename {templates => charts/paperlessngx-backup/templates}/_helpers.tpl (100%) rename {templates => charts/paperlessngx-backup/templates}/configmap.yaml (100%) rename {templates => charts/paperlessngx-backup/templates}/cronjob.yaml (100%) rename {templates => charts/paperlessngx-backup/templates}/rbac/role.yaml (100%) rename {templates => charts/paperlessngx-backup/templates}/rbac/rolebinding.yaml (100%) rename {templates => charts/paperlessngx-backup/templates}/rbac/serviceaccount.yaml (100%) rename values.yaml => charts/paperlessngx-backup/values.yaml (84%) diff --git a/Chart.yaml b/Chart.yaml deleted file mode 100644 index ea19576..0000000 --- a/Chart.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v2 -name: paperless-ngx-backup -description: Backup paperless-ngx via K8s cronjob to FTP - -type: application - -version: 0.1.0 diff --git a/.helmignore b/charts/paperlessngx-backup/.helmignore similarity index 100% rename from .helmignore rename to charts/paperlessngx-backup/.helmignore 
diff --git a/charts/paperlessngx-backup/Chart.yaml b/charts/paperlessngx-backup/Chart.yaml new file mode 100644 index 0000000..9024502 --- /dev/null +++ b/charts/paperlessngx-backup/Chart.yaml @@ -0,0 +1,21 @@ +apiVersion: v2 +name: paperless-ngx-backup +description: Backup paperless-ngx via K8s cronjob to FTP +home: https://helm.task.media/paperlessngx-backup +keywords: +- paperless-ngx +- ftp +- gpg +- backup +- document exporter +maintainers: +- name: fty4 + url: https://github.com/fty4 +sources: +- https://github.com/taskmedia/helm_paperlessngx-backup +- https://github.com/taskmedia/helm +icon: https://media.task.media/images/logo.png + +type: application + +version: 0.1.0 diff --git a/templates/_helpers.tpl b/charts/paperlessngx-backup/templates/_helpers.tpl similarity index 100% rename from templates/_helpers.tpl rename to charts/paperlessngx-backup/templates/_helpers.tpl diff --git a/templates/configmap.yaml b/charts/paperlessngx-backup/templates/configmap.yaml similarity index 100% rename from templates/configmap.yaml rename to charts/paperlessngx-backup/templates/configmap.yaml diff --git a/templates/cronjob.yaml b/charts/paperlessngx-backup/templates/cronjob.yaml similarity index 100% rename from templates/cronjob.yaml rename to charts/paperlessngx-backup/templates/cronjob.yaml diff --git a/templates/rbac/role.yaml b/charts/paperlessngx-backup/templates/rbac/role.yaml similarity index 100% rename from templates/rbac/role.yaml rename to charts/paperlessngx-backup/templates/rbac/role.yaml diff --git a/templates/rbac/rolebinding.yaml b/charts/paperlessngx-backup/templates/rbac/rolebinding.yaml similarity index 100% rename from templates/rbac/rolebinding.yaml rename to charts/paperlessngx-backup/templates/rbac/rolebinding.yaml 
diff --git a/templates/rbac/serviceaccount.yaml b/charts/paperlessngx-backup/templates/rbac/serviceaccount.yaml similarity index 100% rename from templates/rbac/serviceaccount.yaml rename to charts/paperlessngx-backup/templates/rbac/serviceaccount.yaml diff --git a/values.yaml b/charts/paperlessngx-backup/values.yaml similarity index 84% rename from values.yaml rename to charts/paperlessngx-backup/values.yaml index 0a85a20..2090ac7 100644 --- a/values.yaml +++ b/charts/paperlessngx-backup/values.yaml @@ -1,4 +1,5 @@ -cron: "0 2 * * 0" # Runs every week (Sunday at 2 AM) +# Runs every week (Sunday at 2 AM) +cron: "0 2 * * 0" paperless: podname: paperless-ngx-0 From 18f02e40b0d63e9e8a744dfdcc91d4c37547ce8b Mon Sep 17 00:00:00 2001 From: fty4 Date: Fri, 25 Oct 2024 22:31:14 +0000 Subject: [PATCH 147/291] chore(release): update version to v0.1.0 --- charts/paperlessngx-backup/Chart.yaml | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/charts/paperlessngx-backup/Chart.yaml b/charts/paperlessngx-backup/Chart.yaml index 9024502..3e066d0 100644 --- a/charts/paperlessngx-backup/Chart.yaml +++ b/charts/paperlessngx-backup/Chart.yaml @@ -3,19 +3,17 @@ name: paperless-ngx-backup description: Backup paperless-ngx via K8s cronjob to FTP home: https://helm.task.media/paperlessngx-backup keywords: -- paperless-ngx -- ftp -- gpg -- backup -- document exporter + - paperless-ngx + - ftp + - gpg + - backup + - document exporter maintainers: -- name: fty4 - url: https://github.com/fty4 + - name: fty4 + url: https://github.com/fty4 sources: -- https://github.com/taskmedia/helm_paperlessngx-backup -- https://github.com/taskmedia/helm + - https://github.com/taskmedia/helm_paperlessngx-backup + - https://github.com/taskmedia/helm icon: https://media.task.media/images/logo.png - type: application - version: 0.1.0 From 6f36e8595fd6e534820766d5b08ff5c6e01202c6 Mon Sep 17 00:00:00 2001 
From: Marco Lecheler Date: Sat, 26 Oct 2024 00:42:55 +0200 Subject: [PATCH 148/291] fix: ensure repo directory exists in helm repo --- .github/workflows/release.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 6399c96..0d12faf 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -63,6 +63,7 @@ jobs: unzip -o ./gh-pages.zip -d ./repo/ mv -f ./repo/helm-gh-pages/* ./repo rm -rf ./repo/helm-gh-pages/ + mkdir -p ./repo/${REPO_NAME} || true cp ./release/*tgz ./repo/${REPO_NAME}/ cp ./README.md ./repo/${REPO_NAME}/index.md helm repo index --merge ./repo/index.yaml --url ${HELM_URL} ./repo From 244c57571e64bce7ce383b52332078610548edd9 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sat, 26 Oct 2024 00:44:25 +0200 Subject: [PATCH 149/291] chore: add gitignore --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..c16ef53 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +release/ +repo/ From 72bbf5f20aa8c6ef5bfc0c1c96c7077f3134ba12 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sat, 26 Oct 2024 00:44:54 +0200 Subject: [PATCH 150/291] chore: add helmignore --- .helmignore | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 .helmignore diff --git a/.helmignore b/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ From a149d7d06514a3357af179d1f62af047253624b8 Mon Sep 17 00:00:00 2001 
From: fty4 Date: Fri, 25 Oct 2024 22:46:03 +0000 Subject: [PATCH 151/291] chore(release): update version to v0.1.1 --- charts/paperlessngx-backup/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/paperlessngx-backup/Chart.yaml b/charts/paperlessngx-backup/Chart.yaml index 3e066d0..4c1c1da 100644 --- a/charts/paperlessngx-backup/Chart.yaml +++ b/charts/paperlessngx-backup/Chart.yaml @@ -16,4 +16,4 @@ sources: - https://github.com/taskmedia/helm icon: https://media.task.media/images/logo.png type: application -version: 0.1.0 +version: 0.1.1 From f5ea43af717df54fa370fefd6edc2712afbb44e3 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sat, 26 Oct 2024 00:51:39 +0200 Subject: [PATCH 152/291] fix(ci): ensure taskmedia/helm repo directory exists --- .github/workflows/release.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index b773554..7d5bd09 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -63,6 +63,7 @@ jobs: unzip -o ./gh-pages.zip -d ./repo/ mv -f ./repo/helm-gh-pages/* ./repo rm -rf ./repo/helm-gh-pages/ + mkdir -p ./repo/${REPO_NAME} || true cp ./release/*tgz ./repo/${REPO_NAME}/ cp ./README.md ./repo/${REPO_NAME}/index.md helm repo index --merge ./repo/index.yaml --url ${HELM_URL} ./repo From 7d8a5e4ba81ef11005b8438e69a8f831a82b5e73 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sat, 26 Oct 2024 01:25:53 +0200 Subject: [PATCH 153/291] chore: allow to specify activeDeadlineSeconds (#4) --- charts/paperlessngx-backup/templates/cronjob.yaml | 2 +- charts/paperlessngx-backup/values.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/charts/paperlessngx-backup/templates/cronjob.yaml b/charts/paperlessngx-backup/templates/cronjob.yaml index dcee6ca..9c75dd8 100644 --- a/charts/paperlessngx-backup/templates/cronjob.yaml +++ b/charts/paperlessngx-backup/templates/cronjob.yaml 
@@ -9,7 +9,7 @@ spec: jobTemplate: spec: backoffLimit: 2 - activeDeadlineSeconds: 60 + activeDeadlineSeconds: {{ .Values.activeDeadlineSeconds }} template: metadata: name: "{{ include "plngxbackup.fullname" . }}" diff --git a/charts/paperlessngx-backup/values.yaml b/charts/paperlessngx-backup/values.yaml index 2090ac7..168fab4 100644 --- a/charts/paperlessngx-backup/values.yaml +++ b/charts/paperlessngx-backup/values.yaml @@ -17,3 +17,5 @@ ftp: user: "" password: "" path: "." + +activeDeadlineSeconds: 60 From 8090cddda017f7f989d4eaebef69a4f8157f2de5 Mon Sep 17 00:00:00 2001 From: fty4 Date: Fri, 25 Oct 2024 23:26:30 +0000 Subject: [PATCH 154/291] chore(release): update version to v0.1.2 --- charts/paperlessngx-backup/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/paperlessngx-backup/Chart.yaml b/charts/paperlessngx-backup/Chart.yaml index 4c1c1da..6021f72 100644 --- a/charts/paperlessngx-backup/Chart.yaml +++ b/charts/paperlessngx-backup/Chart.yaml @@ -16,4 +16,4 @@ sources: - https://github.com/taskmedia/helm icon: https://media.task.media/images/logo.png type: application -version: 0.1.1 +version: 0.1.2 From fc89225ea9c177cefee53505220121dc8f2ebfb8 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sat, 26 Oct 2024 01:30:52 +0200 Subject: [PATCH 155/291] chore: add final log message --- charts/paperlessngx-backup/templates/configmap.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/paperlessngx-backup/templates/configmap.yaml b/charts/paperlessngx-backup/templates/configmap.yaml index 68e7369..f8fdc5c 100644 --- a/charts/paperlessngx-backup/templates/configmap.yaml +++ b/charts/paperlessngx-backup/templates/configmap.yaml @@ -67,6 +67,8 @@ data: rm /backup-plngx/${FILENAME_ZIP} + echo "finished paperless-ngx backup" + {{- if .Values.encryption.enabled }} publickey.gpg: | {{- .Values.encryption.publickey | nindent 4 }} From 4b8c88465c4971186fa6743f28701995fe91d5ca Mon Sep 17 00:00:00 2001 
From: Marco Lecheler Date: Sat, 26 Oct 2024 10:14:12 +0200 Subject: [PATCH 156/291] chore: use timeout also for ftp (#5) --- charts/paperlessngx-backup/templates/configmap.yaml | 1 + charts/paperlessngx-backup/templates/cronjob.yaml | 2 +- charts/paperlessngx-backup/values.yaml | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/charts/paperlessngx-backup/templates/configmap.yaml b/charts/paperlessngx-backup/templates/configmap.yaml index f8fdc5c..66429b0 100644 --- a/charts/paperlessngx-backup/templates/configmap.yaml +++ b/charts/paperlessngx-backup/templates/configmap.yaml @@ -56,6 +56,7 @@ data: ncftpput \ -u "${FTP_USERNAME}" \ -p "${FTP_PASSWORD}" \ + -t ${{ .Values.timeout }} \ "${FTP_HOST}" \ "${FTP_PATH}" \ "/backup-plngx/${FILENAME_ZIP}" diff --git a/charts/paperlessngx-backup/templates/cronjob.yaml b/charts/paperlessngx-backup/templates/cronjob.yaml index 9c75dd8..a8f684b 100644 --- a/charts/paperlessngx-backup/templates/cronjob.yaml +++ b/charts/paperlessngx-backup/templates/cronjob.yaml @@ -9,7 +9,7 @@ spec: jobTemplate: spec: backoffLimit: 2 - activeDeadlineSeconds: {{ .Values.activeDeadlineSeconds }} + activeDeadlineSeconds: {{ .Values.timeout }} template: metadata: name: "{{ include "plngxbackup.fullname" . }}" diff --git a/charts/paperlessngx-backup/values.yaml b/charts/paperlessngx-backup/values.yaml index 168fab4..27ebbf5 100644 --- a/charts/paperlessngx-backup/values.yaml +++ b/charts/paperlessngx-backup/values.yaml @@ -18,4 +18,4 @@ ftp: password: "" path: "." -activeDeadlineSeconds: 60 +timeout: 60 From 9771430727d3500a0992fea105ff2676b7e75e3f Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sat, 26 Oct 2024 10:21:06 +0200 Subject: [PATCH 157/291] chore: link readme to chart (#6) --- charts/paperlessngx-backup/README.md | 1 + 1 file changed, 1 insertion(+) create mode 120000 charts/paperlessngx-backup/README.md 
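Review bot: The added `-t ${{ .Values.timeout }} \` line in configmap.yaml keeps a stray `$` in front of the template action, so with the default of 60 Helm renders `-t $60`, and the shell expands that as positional parameter 6 followed by `0` instead of the configured value. `-t {{ .Values.timeout | quote }} \` passes the number through intact. The script around the `ncftpput` call starts outside the hunk.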
diff --git a/charts/paperlessngx-backup/README.md b/charts/paperlessngx-backup/README.md new file mode 120000 index 0000000..fe84005 --- /dev/null +++ b/charts/paperlessngx-backup/README.md @@ -0,0 +1 @@ +../../README.md \ No newline at end of file From fe4d84f6a3a918694a772c4e3994c7eab26cdaeb Mon Sep 17 00:00:00 2001 From: fty4 Date: Sat, 26 Oct 2024 08:22:35 +0000 Subject: [PATCH 158/291] chore(release): update version to v0.2.0 --- charts/paperlessngx-backup/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/paperlessngx-backup/Chart.yaml b/charts/paperlessngx-backup/Chart.yaml index 6021f72..0d49238 100644 --- a/charts/paperlessngx-backup/Chart.yaml +++ b/charts/paperlessngx-backup/Chart.yaml @@ -16,4 +16,4 @@ sources: - https://github.com/taskmedia/helm icon: https://media.task.media/images/logo.png type: application -version: 0.1.2 +version: 0.2.0 From 37fb051549fcfd15246dcba7699b70915bbac18f Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sat, 26 Oct 2024 11:02:00 +0200 Subject: [PATCH 159/291] chore: link readme to chart (#29) --- charts/ipsec-vpn-server/README.md | 1 + 1 file changed, 1 insertion(+) create mode 120000 charts/ipsec-vpn-server/README.md diff --git a/charts/ipsec-vpn-server/README.md b/charts/ipsec-vpn-server/README.md new file mode 120000 index 0000000..fe84005 --- /dev/null +++ b/charts/ipsec-vpn-server/README.md @@ -0,0 +1 @@ +../../README.md \ No newline at end of file From 6f6cdc186ef67c09ec27eb5f527f070a0c545d51 Mon Sep 17 00:00:00 2001 From: fty4 Date: Sat, 26 Oct 2024 09:02:47 +0000 Subject: [PATCH 160/291] chore(release): update version to v2.1.2 --- charts/ipsec-vpn-server/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/ipsec-vpn-server/Chart.yaml b/charts/ipsec-vpn-server/Chart.yaml index dda2b57..a03646a 100644 --- a/charts/ipsec-vpn-server/Chart.yaml +++ b/charts/ipsec-vpn-server/Chart.yaml 
@@ -14,7 +14,7 @@ sources: - https://github.com/taskmedia/helm_ipsec-vpn-server - https://github.com/taskmedia/helm type: application -version: 2.1.1 +version: 2.1.2 # hwdsl2/docker-ipsec-vpn-server does not provide versioning # see: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/98 appVersion: "latest" From 5e4d4078aa63c5643bc1c9000617d5c00b38224e Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sat, 26 Oct 2024 11:21:02 +0200 Subject: [PATCH 161/291] fix: remove ftp timeout (#8) Option not supported in this ncftp version. fixes #5 --- charts/paperlessngx-backup/templates/configmap.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/charts/paperlessngx-backup/templates/configmap.yaml b/charts/paperlessngx-backup/templates/configmap.yaml index 66429b0..f8fdc5c 100644 --- a/charts/paperlessngx-backup/templates/configmap.yaml +++ b/charts/paperlessngx-backup/templates/configmap.yaml @@ -56,7 +56,6 @@ data: ncftpput \ -u "${FTP_USERNAME}" \ -p "${FTP_PASSWORD}" \ - -t ${{ .Values.timeout }} \ "${FTP_HOST}" \ "${FTP_PATH}" \ "/backup-plngx/${FILENAME_ZIP}" From a9f4226985853a907dd194f43a51ecf4fc7a855b Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sat, 26 Oct 2024 11:22:14 +0200 Subject: [PATCH 162/291] feat: use secret for ftp pw (#7) --- charts/paperlessngx-backup/templates/cronjob.yaml | 5 ++++- charts/paperlessngx-backup/templates/secret.yaml | 7 +++++++ 2 files changed, 11 insertions(+), 1 deletion(-) create mode 100644 charts/paperlessngx-backup/templates/secret.yaml diff --git a/charts/paperlessngx-backup/templates/cronjob.yaml b/charts/paperlessngx-backup/templates/cronjob.yaml index a8f684b..62ee030 100644 --- a/charts/paperlessngx-backup/templates/cronjob.yaml +++ b/charts/paperlessngx-backup/templates/cronjob.yaml 
@@ -32,7 +32,10 @@ spec: - name: FTP_USERNAME value: "{{ .Values.ftp.user }}" - name: FTP_PASSWORD - value: "{{ .Values.ftp.password }}" + valueFrom: + secretKeyRef: + name: {{ include "plngxbackup.fullname" . }} + key: ftp-password - name: FTP_PATH value: "{{ .Values.ftp.path }}" volumeMounts: diff --git a/charts/paperlessngx-backup/templates/secret.yaml b/charts/paperlessngx-backup/templates/secret.yaml new file mode 100644 index 0000000..699f93d --- /dev/null +++ b/charts/paperlessngx-backup/templates/secret.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: "{{ include "plngxbackup.fullname" . }}" +type: Opaque +stringData: + ftp-password: "{{ .Values.ftp.password }}" From 55d59a65e82743bf852916b6b43e76e7f59517fe Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sat, 26 Oct 2024 11:14:21 +0200 Subject: [PATCH 163/291] chore: add ttlSecondsAfterFinished value --- charts/paperlessngx-backup/templates/cronjob.yaml | 1 + charts/paperlessngx-backup/values.yaml | 3 +++ 2 files changed, 4 insertions(+) diff --git a/charts/paperlessngx-backup/templates/cronjob.yaml b/charts/paperlessngx-backup/templates/cronjob.yaml index 62ee030..54a685b 100644 --- a/charts/paperlessngx-backup/templates/cronjob.yaml +++ b/charts/paperlessngx-backup/templates/cronjob.yaml @@ -10,6 +10,7 @@ spec: spec: backoffLimit: 2 activeDeadlineSeconds: {{ .Values.timeout }} + ttlSecondsAfterFinished: {{ .Values.ttlSecondsAfterFinished }} template: metadata: name: "{{ include "plngxbackup.fullname" . }}" diff --git a/charts/paperlessngx-backup/values.yaml b/charts/paperlessngx-backup/values.yaml index 27ebbf5..da5f17b 100644 --- a/charts/paperlessngx-backup/values.yaml +++ b/charts/paperlessngx-backup/values.yaml @@ -19,3 +19,6 @@ ftp: path: "." timeout: 60 + +# Retain pods for 1 day after job completion +ttlSecondsAfterFinished: 86400 From 4296da01d1bc887c604bf389db885342610bb6c5 Mon Sep 17 00:00:00 2001 
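Review bot: In the new secret.yaml the password is spliced into a hand-written double-quoted scalar, `ftp-password: "{{ .Values.ftp.password }}"`, so a password containing `"`, `\` or a newline either breaks the rendered manifest or is stored as a different string than the one configured. `ftp-password: {{ .Values.ftp.password | quote }}` lets Helm do the escaping. The password still has to be supplied through chart values, which Helm keeps with the release; an optional value naming an existing Secret (for example `ftp.existingSecret`) would let deployments keep it out of values entirely.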
From: Marco Lecheler Date: Sat, 26 Oct 2024 11:16:33 +0200 Subject: [PATCH 164/291] chore: add values comments --- charts/paperlessngx-backup/values.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/charts/paperlessngx-backup/values.yaml b/charts/paperlessngx-backup/values.yaml index da5f17b..2d32e7e 100644 --- a/charts/paperlessngx-backup/values.yaml +++ b/charts/paperlessngx-backup/values.yaml @@ -1,9 +1,11 @@ -# Runs every week (Sunday at 2 AM) +# schedule to run backups (default: every week, sunday at 02:00) cron: "0 2 * * 0" paperless: + # pod name of the paperless-ngx to be backed up podname: paperless-ngx-0 +# encrypt your backup before sending to FTP with your public gpg key encryption: enabled: false publickey: | @@ -12,12 +14,14 @@ encryption: abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZab -----END PGP PUBLIC KEY BLOCK----- +# ftp configuration to upload backup to ftp: host: "" user: "" password: "" path: "." +# timeout for the job to complete backup timeout: 60 # Retain pods for 1 day after job completion From 3df4cc8c8f3ad4c425c0c274804aab71c74a137d Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sat, 26 Oct 2024 11:18:21 +0200 Subject: [PATCH 165/291] chore: add image to values --- charts/paperlessngx-backup/templates/cronjob.yaml | 2 +- charts/paperlessngx-backup/values.yaml | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/charts/paperlessngx-backup/templates/cronjob.yaml b/charts/paperlessngx-backup/templates/cronjob.yaml index 54a685b..90c0d48 100644 --- a/charts/paperlessngx-backup/templates/cronjob.yaml +++ b/charts/paperlessngx-backup/templates/cronjob.yaml @@ -22,7 +22,7 @@ spec: serviceAccountName: {{ include "plngxbackup.fullname" . }} containers: - name: backup - image: ghcr.io/taskmedia/kubectl-gpg-ncftp:main + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} securityContext: runAsUser: 65534 runAsGroup: 65534 
diff --git a/charts/paperlessngx-backup/values.yaml b/charts/paperlessngx-backup/values.yaml index 2d32e7e..3853bfb 100644 --- a/charts/paperlessngx-backup/values.yaml +++ b/charts/paperlessngx-backup/values.yaml @@ -21,6 +21,11 @@ ftp: password: "" path: "." +# image used for backup +image: + repository: ghcr.io/taskmedia/kubectl-gpg-ncftp + tag: main + # timeout for the job to complete backup timeout: 60 From 09129b6cbd683a6ed5a2ddfe20fb37047b4f37b9 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sat, 26 Oct 2024 11:20:09 +0200 Subject: [PATCH 166/291] chore: move securityContext to values required if image can be specified --- charts/paperlessngx-backup/templates/cronjob.yaml | 4 +--- charts/paperlessngx-backup/values.yaml | 5 +++++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/charts/paperlessngx-backup/templates/cronjob.yaml b/charts/paperlessngx-backup/templates/cronjob.yaml index 90c0d48..4b923a2 100644 --- a/charts/paperlessngx-backup/templates/cronjob.yaml +++ b/charts/paperlessngx-backup/templates/cronjob.yaml @@ -23,9 +23,7 @@ spec: containers: - name: backup image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - securityContext: - runAsUser: 65534 - runAsGroup: 65534 + securityContext: {{ .Values.securityContext | toYaml | nindent 16 }} command: ["sh", "-c", "/scripts/backup.sh"] env: - name: FTP_HOST diff --git a/charts/paperlessngx-backup/values.yaml b/charts/paperlessngx-backup/values.yaml index 3853bfb..bd60bf9 100644 --- a/charts/paperlessngx-backup/values.yaml +++ b/charts/paperlessngx-backup/values.yaml @@ -26,6 +26,11 @@ image: repository: ghcr.io/taskmedia/kubectl-gpg-ncftp tag: main +# securitycontext for image +securityContext: + runAsUser: 65534 + runAsGroup: 65534 + # timeout for the job to complete backup timeout: 60 From 2292531cc7ca36ce80cad196514ab585b0aecbd6 Mon Sep 17 00:00:00 2001 
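Review bot: The new `image.tag` default of `main` is a moving branch tag, so the contents of the backup image can change between scheduled runs without any change to the chart, in a pod that receives `FTP_PASSWORD` and runs `kubectl exec` against the paperless-ngx pod. Defaulting to a released version tag, or supporting an optional digest, makes the deployed image reproducible; the pull policy in effect is not visible in these hunks. The values comment could say so, e.g. `# image used for backup; pin tag or digest for reproducible runs`, and the template line in cronjob.yaml is safer quoted as `image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"`.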
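Review bot: The default `securityContext` block added to values.yaml sets only `runAsUser: 65534` and `runAsGroup: 65534`, which leaves privilege escalation and Linux capabilities at the runtime defaults for the backup container. Adding `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` to the defaults would harden it, assuming the image needs none of these (not visible here). The comment `# securitycontext for image` would read more precisely as `# container securityContext for the backup container`.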
From: fty4 Date: Sat, 26 Oct 2024 09:27:29 +0000 Subject: [PATCH 167/291] chore(release): update version to v1.0.0 --- charts/paperlessngx-backup/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/paperlessngx-backup/Chart.yaml b/charts/paperlessngx-backup/Chart.yaml index 0d49238..7a9b48a 100644 --- a/charts/paperlessngx-backup/Chart.yaml +++ b/charts/paperlessngx-backup/Chart.yaml @@ -16,4 +16,4 @@ sources: - https://github.com/taskmedia/helm icon: https://media.task.media/images/logo.png type: application -version: 0.2.0 +version: 1.0.0 From e7500484df825f9aa11d1ab905020c5bd4eb7c3d Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sat, 26 Oct 2024 12:13:35 +0200 Subject: [PATCH 168/291] chore: init gomod --- go.mod | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 go.mod diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..0d2e52e --- /dev/null +++ b/go.mod @@ -0,0 +1,3 @@ +module github.com/taskmedia/ftp-paperlessngx-bridge + +go 1.23.1 From 0801f16b378b43e75792b9fcf3f4e6e1e80f5af9 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sat, 26 Oct 2024 12:13:54 +0200 Subject: [PATCH 169/291] chore: add generated script fully generated from copilot, not tested --- ftp-paperless-bridge.go | 93 +++++++++++++++++++++++++++++++++++++++++ go.mod | 8 ++++ go.sum | 10 +++++ 3 files changed, 111 insertions(+) create mode 100644 ftp-paperless-bridge.go create mode 100644 go.sum diff --git a/ftp-paperless-bridge.go b/ftp-paperless-bridge.go new file mode 100644 index 0000000..e43360e --- /dev/null +++ b/ftp-paperless-bridge.go 
@@ -0,0 +1,93 @@
+package main
+
+import (
+ "bytes"
+ "log"
+ "os"
+ "path/filepath"
+
+ "github.com/go-resty/resty/v2"
+ "github.com/jlaffaye/ftp"
+)
+
+func main() {
+ // Read configuration from environment variables
+ ftpServer := os.Getenv("FTP_SERVER")
+ ftpUser := os.Getenv("FTP_USER")
+ ftpPassword := os.Getenv("FTP_PASSWORD")
+ apiURL := os.Getenv("API_URL")
+ apiToken := os.Getenv("API_TOKEN")
+
+ if ftpServer == "" || ftpUser == "" || ftpPassword == "" || apiURL == "" || apiToken == "" {
+ log.Fatalf("One or more required environment variables are missing")
+ }
+
+ // Connect to FTP server
+ conn, err := ftp.Dial(ftpServer)
+ if err != nil {
+ log.Fatalf("Failed to connect to FTP server: %v", err)
+ }
+ defer conn.Quit()
+
+ // Login to FTP server
+ err = conn.Login(ftpUser, ftpPassword)
+ if err != nil {
+ log.Fatalf("Failed to login to FTP server: %v", err)
+ }
+
+ // List files in the FTP server root directory
+ entries, err := conn.List("/")
+ if err != nil {
+ log.Fatalf("Failed to list files on FTP server: %v", err)
+ }
+
+ // Create a Resty client
+ client := resty.New()
+
+ // Iterate over the files and process .pdf files
+ for _, entry := range entries {
+ if entry.Type == ftp.EntryTypeFile && filepath.Ext(entry.Name) == ".pdf" {
+ log.Printf("Detected PDF file: %s", entry.Name)
+
+ // Download the file from FTP server
+ resp, err := conn.Retr(entry.Name)
+ if err != nil {
+ log.Printf("Failed to retrieve file %s: %v", entry.Name, err)
+ continue
+ }
+
+ buf := new(bytes.Buffer)
+ buf.ReadFrom(resp)
+ resp.Close()
+
+ // Upload the file to the Paperless-ngx API
+ apiResp, err := client.R().
+ SetHeader("Authorization", "Token "+apiToken).
+ SetFileReader("document", entry.Name, buf).
+ Post(apiURL) + + if err != nil { + log.Printf("Failed to upload file %s to API: %v", entry.Name, err) + continue + } + + if apiResp.IsError() { + log.Printf("API returned an error for file %s: %s", entry.Name, apiResp.Status()) + continue + } + + log.Printf("Successfully uploaded file %s to API", entry.Name) + + // Delete the file from FTP server + err = conn.Delete(entry.Name) + if err != nil { + log.Printf("Failed to delete file %s from FTP server: %v", entry.Name, err) + continue + } + + log.Printf("Successfully deleted file %s from FTP server", entry.Name) + } + } + + log.Println("All files processed. Exiting.") +} diff --git a/go.mod b/go.mod index 0d2e52e..ce6b826 100644 --- a/go.mod +++ b/go.mod @@ -1,3 +1,11 @@ module github.com/taskmedia/ftp-paperlessngx-bridge go 1.23.1 + +require ( + github.com/go-resty/resty/v2 v2.15.3 // indirect + github.com/hashicorp/errwrap v1.0.0 // indirect + github.com/hashicorp/go-multierror v1.1.1 // indirect + github.com/jlaffaye/ftp v0.2.0 // indirect + golang.org/x/net v0.27.0 // indirect +) diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..e946040 --- /dev/null +++ b/go.sum 
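Review bot: In the download step of ftp-paperless-bridge.go, `buf.ReadFrom(resp)` and `resp.Close()` discard their errors, so a transfer that breaks off part-way is uploaded as a truncated PDF and the original is then removed by `conn.Delete`. Check both before the upload, e.g. `if _, err := buf.ReadFrom(resp); err != nil { resp.Close(); log.Printf("Failed to read file %s: %v", entry.Name, err); continue }`, and treat a `Close` error the same way, since in jlaffaye/ftp it appears to carry the server's end-of-transfer status. The file is also buffered in memory with no size limit while its name and length are decided by the remote server; wrapping `resp` in `io.LimitReader` bounds what one listing entry can make the job allocate. The commit message says the code is generated and untested, so a doc comment on `main` listing the required environment variables and the delete-after-upload behaviour would help the next reader.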
@@ -0,0 +1,10 @@ +github.com/go-resty/resty/v2 v2.15.3 h1:bqff+hcqAflpiF591hhJzNdkRsFhlB96CYfBwSFvql8= +github.com/go-resty/resty/v2 v2.15.3/go.mod h1:0fHAoK7JoBy/Ch36N8VFeMsK7xQOHhvWaC3iOktwmIU= +github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= +github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= +github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= +github.com/jlaffaye/ftp v0.2.0 h1:lXNvW7cBu7R/68bknOX3MrRIIqZ61zELs1P2RAiA3lg= +github.com/jlaffaye/ftp v0.2.0/go.mod h1:is2Ds5qkhceAPy2xD6RLI6hmp/qysSoymZ+Z2uTnspI= +golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= +golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= From 4cf1346645076dd0ab66308422258dd3b3434d70 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sun, 27 Oct 2024 11:30:00 +0100 Subject: [PATCH 170/291] chore: catch if file is not pdf --- ftp-paperless-bridge.go | 82 +++++++++++++++++++++-------------------- 1 file changed, 42 insertions(+), 40 deletions(-) diff --git a/ftp-paperless-bridge.go b/ftp-paperless-bridge.go index e43360e..e227999 100644 --- a/ftp-paperless-bridge.go +++ b/ftp-paperless-bridge.go 
@@ -46,47 +46,49 @@ func main() { // Iterate over the files and process .pdf files for _, entry := range entries { - if entry.Type == ftp.EntryTypeFile && filepath.Ext(entry.Name) == ".pdf" { - log.Printf("Detected PDF file: %s", entry.Name) - - // Download the file from FTP server - resp, err := conn.Retr(entry.Name) - if err != nil { - log.Printf("Failed to retrieve file %s: %v", entry.Name, err) - continue - } - - buf := new(bytes.Buffer) - buf.ReadFrom(resp) - resp.Close() - - // Upload the file to the Paperless-ngx API - apiResp, err := client.R(). - SetHeader("Authorization", "Token "+apiToken). - SetFileReader("document", entry.Name, buf). - Post(apiURL) - - if err != nil { - log.Printf("Failed to upload file %s to API: %v", entry.Name, err) - continue - } - - if apiResp.IsError() { - log.Printf("API returned an error for file %s: %s", entry.Name, apiResp.Status()) - continue - } - - log.Printf("Successfully uploaded file %s to API", entry.Name) - - // Delete the file from FTP server - err = conn.Delete(entry.Name) - if err != nil { - log.Printf("Failed to delete file %s from FTP server: %v", entry.Name, err) - continue - } - - log.Printf("Successfully deleted file %s from FTP server", entry.Name) + if entry.Type != ftp.EntryTypeFile || filepath.Ext(entry.Name) != ".pdf" { + log.Printf("Skipping file: %s", entry.Name) + continue } + log.Printf("Detected PDF file: %s", entry.Name) + + // Download the file from FTP server + resp, err := conn.Retr(entry.Name) + if err != nil { + log.Printf("Failed to retrieve file %s: %v", entry.Name, err) + continue + } + + buf := new(bytes.Buffer) + buf.ReadFrom(resp) + resp.Close() + + // Upload the file to the Paperless-ngx API + apiResp, err := client.R(). + SetHeader("Authorization", "Token "+apiToken). + SetFileReader("document", entry.Name, buf). 
+ Post(apiURL) + + if err != nil { + log.Printf("Failed to upload file %s to API: %v", entry.Name, err) + continue + } + + if apiResp.IsError() { + log.Printf("API returned an error for file %s: %s", entry.Name, apiResp.Status()) + continue + } + + log.Printf("Successfully uploaded file %s to API", entry.Name) + + // Delete the file from FTP server + err = conn.Delete(entry.Name) + if err != nil { + log.Printf("Failed to delete file %s from FTP server: %v", entry.Name, err) + continue + } + + log.Printf("Successfully deleted file %s from FTP server", entry.Name) } log.Println("All files processed. Exiting.") From 7b220fa9581f7a44837171f8eee5b0b9c24bd2ba Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sun, 27 Oct 2024 11:34:54 +0100 Subject: [PATCH 171/291] chore: use username/password instead api token for pl auth --- ftp-paperless-bridge.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/ftp-paperless-bridge.go b/ftp-paperless-bridge.go index e227999..1bc8281 100644 --- a/ftp-paperless-bridge.go +++ b/ftp-paperless-bridge.go @@ -16,9 +16,10 @@ func main() { ftpUser := os.Getenv("FTP_USER") ftpPassword := os.Getenv("FTP_PASSWORD") apiURL := os.Getenv("API_URL") - apiToken := os.Getenv("API_TOKEN") + apiUser := os.Getenv("API_USER") + apiPassword := os.Getenv("API_PASSWORD") - if ftpServer == "" || ftpUser == "" || ftpPassword == "" || apiURL == "" || apiToken == "" { + if ftpServer == "" || ftpUser == "" || ftpPassword == "" || apiURL == "" || apiUser == "" || apiPassword == "" { log.Fatalf("One or more required environment variables are missing") } @@ -65,7 +66,7 @@ func main() { // Upload the file to the Paperless-ngx API apiResp, err := client.R(). - SetHeader("Authorization", "Token "+apiToken). + SetBasicAuth(apiUser, apiPassword). SetFileReader("document", entry.Name, buf). Post(apiURL) From b0630ad7f81e1a90f07ea9a11878cf361942e40b Mon Sep 17 00:00:00 2001 
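Review bot: The new guard `filepath.Ext(entry.Name) != ".pdf"` compares the extension case-sensitively, so a file named `SCAN.PDF` is logged as skipped and never ingested. `!strings.EqualFold(filepath.Ext(entry.Name), ".pdf")`, with `strings` added to the imports, covers that. The skip message also fires for directories, so `Skipping entry: %s` would describe it more accurately than `Skipping file: %s`.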
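Review bot: Switching the upload to `SetBasicAuth(apiUser, apiPassword)` sends the account password on every request where the previous code sent a revocable API token, and nothing in `main` checks that `API_URL` is an `https://` URL. Over plain HTTP those credentials travel base64-encoded in the clear. I would keep token auth as the preferred path, or at least warn on a non-HTTPS URL right after the empty-variable check: `if !strings.HasPrefix(apiURL, "https://") { log.Printf("warning: API_URL is not HTTPS; credentials are sent unencrypted") }`. The environment-variable block would also benefit from a comment stating which account the bridge should use and that it needs only upload rights.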
From: Marco Lecheler Date: Sun, 27 Oct 2024 11:36:36 +0100 Subject: [PATCH 172/291] chore: rename envs to paperless --- ftp-paperless-bridge.go | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/ftp-paperless-bridge.go b/ftp-paperless-bridge.go index 1bc8281..36c4f08 100644 --- a/ftp-paperless-bridge.go +++ b/ftp-paperless-bridge.go @@ -15,11 +15,12 @@ func main() { ftpServer := os.Getenv("FTP_SERVER") ftpUser := os.Getenv("FTP_USER") ftpPassword := os.Getenv("FTP_PASSWORD") - apiURL := os.Getenv("API_URL") - apiUser := os.Getenv("API_USER") - apiPassword := os.Getenv("API_PASSWORD") + paperlessUrl := os.Getenv("PAPERLESS_URL") + paperlessUser := os.Getenv("PAPERLESS_USER") + paperlessPassword := os.Getenv("PAPERLESS_PASSWORD") + paperlessApiUrl := paperlessUrl + "/api/documents/post_document/" - if ftpServer == "" || ftpUser == "" || ftpPassword == "" || apiURL == "" || apiUser == "" || apiPassword == "" { + if ftpServer == "" || ftpUser == "" || ftpPassword == "" || paperlessUrl == "" || paperlessUser == "" || paperlessPassword == "" { log.Fatalf("One or more required environment variables are missing") } @@ -66,9 +67,9 @@ func main() { // Upload the file to the Paperless-ngx API apiResp, err := client.R(). - SetBasicAuth(apiUser, apiPassword). + SetBasicAuth(paperlessUser, paperlessPassword). SetFileReader("document", entry.Name, buf). - Post(apiURL) + Post(paperlessApiUrl) if err != nil { log.Printf("Failed to upload file %s to API: %v", entry.Name, err) From 9d0e8a2d66305d4fa8ab0da731d7286af3f7d855 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sun, 27 Oct 2024 12:21:42 +0100 Subject: [PATCH 173/291] chore: add .env to gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..4c49bd7 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.env From c4245aeb9148661212bb9fd44dc3383dbee4feec Mon Sep 17 00:00:00 2001 
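Review bot: `paperlessApiUrl := paperlessUrl + "/api/documents/post_document/"` is built by string concatenation before the empty-variable check, so a `PAPERLESS_URL` with a trailing slash yields `//api/...` and a malformed value is only noticed when the POST fails. `url.JoinPath(paperlessUrl, "api/documents/post_document/")` from `net/url`, placed after the check, normalises the slash and returns an error for an unparsable base. By Go convention the names would be `paperlessURL` and `paperlessAPIURL`.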
From: Marco Lecheler Date: Sun, 27 Oct 2024 12:49:38 +0100 Subject: [PATCH 174/291] chore: use tls for ftp copilot generated --- ftp-paperless-bridge.go | 8 ++++++-- go.mod | 7 +++++-- go.sum | 10 ++++++++++ 3 files changed, 21 insertions(+), 4 deletions(-) diff --git a/ftp-paperless-bridge.go b/ftp-paperless-bridge.go index 36c4f08..00730f7 100644 --- a/ftp-paperless-bridge.go +++ b/ftp-paperless-bridge.go @@ -2,9 +2,11 @@ package main import ( "bytes" + "crypto/tls" "log" "os" "path/filepath" + "time" "github.com/go-resty/resty/v2" "github.com/jlaffaye/ftp" @@ -24,8 +26,10 @@ func main() { log.Fatalf("One or more required environment variables are missing") } - // Connect to FTP server - conn, err := ftp.Dial(ftpServer) + // Establish FTP connection with explicit SSL/TLS + conn, err := ftp.Dial(ftpServer, ftp.DialWithTimeout(5*time.Second), ftp.DialWithTLS(&tls.Config{ + InsecureSkipVerify: true, + })) if err != nil { log.Fatalf("Failed to connect to FTP server: %v", err) } diff --git a/go.mod b/go.mod index ce6b826..fc21ab5 100644 --- a/go.mod +++ b/go.mod @@ -3,9 +3,12 @@ module github.com/taskmedia/ftp-paperlessngx-bridge go 1.23.1 require ( - github.com/go-resty/resty/v2 v2.15.3 // indirect + github.com/go-resty/resty/v2 v2.15.3 + github.com/jlaffaye/ftp v0.2.0 +) + +require ( github.com/hashicorp/errwrap v1.0.0 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect - github.com/jlaffaye/ftp v0.2.0 // indirect golang.org/x/net v0.27.0 // indirect ) diff --git a/go.sum b/go.sum index e946040..075989d 100644 --- a/go.sum +++ b/go.sum 
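Review bot: The new `tls.Config{InsecureSkipVerify: true}` passed to `ftp.DialWithTLS` turns off certificate verification, so the session is encrypted but the server is not authenticated, and the FTP password and every document can be read or altered by anyone positioned on the network path. Verification should stay on with `ServerName` set from the host part of `FTP_SERVER`; a server with a private or self-signed certificate is better handled by adding its CA to `RootCAs` than by skipping the check. The same literal is carried unchanged through the later `DialWithExplicitTLS` and `ftpHost` rename hunks in this series. The sketch below needs `net` added to the import block, and `main` continues outside the hunk.

```go
// … unchanged: environment variable checks …
host, _, err := net.SplitHostPort(ftpServer)
if err != nil {
	log.Fatalf("FTP_SERVER must be host:port: %v", err)
}

// Keep certificate verification on; ServerName is the name the certificate is checked against.
conn, err := ftp.Dial(ftpServer, ftp.DialWithTimeout(5*time.Second), ftp.DialWithTLS(&tls.Config{
	ServerName: host,
	MinVersion: tls.VersionTLS12,
}))
// … unchanged: error check, defer conn.Quit(), login …
```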
@@ -1,3 +1,5 @@ +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/go-resty/resty/v2 v2.15.3 h1:bqff+hcqAflpiF591hhJzNdkRsFhlB96CYfBwSFvql8= github.com/go-resty/resty/v2 v2.15.3/go.mod h1:0fHAoK7JoBy/Ch36N8VFeMsK7xQOHhvWaC3iOktwmIU= github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= @@ -6,5 +8,13 @@ github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+l github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/jlaffaye/ftp v0.2.0 h1:lXNvW7cBu7R/68bknOX3MrRIIqZ61zELs1P2RAiA3lg= github.com/jlaffaye/ftp v0.2.0/go.mod h1:is2Ds5qkhceAPy2xD6RLI6hmp/qysSoymZ+Z2uTnspI= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY= +github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= +golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= +golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= From 3cbe444167188cb5df55d2b9ae9e19c891e4cbd7 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sun, 27 Oct 2024 12:51:51 +0100 Subject: [PATCH 175/291] chore: tls explicit --- ftp-paperless-bridge.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ftp-paperless-bridge.go b/ftp-paperless-bridge.go index 00730f7..4640d35 100644 
--- a/ftp-paperless-bridge.go +++ b/ftp-paperless-bridge.go @@ -27,7 +27,7 @@ func main() { } // Establish FTP connection with explicit SSL/TLS - conn, err := ftp.Dial(ftpServer, ftp.DialWithTimeout(5*time.Second), ftp.DialWithTLS(&tls.Config{ + conn, err := ftp.Dial(ftpServer, ftp.DialWithTimeout(5*time.Second), ftp.DialWithExplicitTLS(&tls.Config{ InsecureSkipVerify: true, })) if err != nil { From 4d81613ef50dec88163c44a1ffdeb3e72152eabc Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sun, 27 Oct 2024 13:21:13 +0100 Subject: [PATCH 176/291] feat: add Dockerfile --- Dockerfile | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..272eef8 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,10 @@ +FROM golang:1.23-alpine AS builder +WORKDIR /app +COPY go.mod go.sum ./ +RUN go mod download +COPY *.go . +RUN go build -o ftp-paperless-bridge . + +FROM scratch +COPY --from=builder /app/ftp-paperless-bridge /ftp-paperless-bridge +CMD ["/ftp-paperless-bridge"] From 06aba2119931e6029753ad844206414fc68aee38 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sun, 27 Oct 2024 13:30:51 +0100 Subject: [PATCH 177/291] chore: init Helm chart --- charts/plngxftpbridge/.helmignore | 23 +++++++ charts/plngxftpbridge/Chart.yaml | 7 +++ charts/plngxftpbridge/templates/_helpers.tpl | 62 +++++++++++++++++++ .../templates/tests/test-connection.yaml | 15 +++++ charts/plngxftpbridge/values.yaml | 0 5 files changed, 107 insertions(+) create mode 100644 charts/plngxftpbridge/.helmignore create mode 100644 charts/plngxftpbridge/Chart.yaml create mode 100644 charts/plngxftpbridge/templates/_helpers.tpl create mode 100644 charts/plngxftpbridge/templates/tests/test-connection.yaml create mode 100644 charts/plngxftpbridge/values.yaml diff --git a/charts/plngxftpbridge/.helmignore b/charts/plngxftpbridge/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null 
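Review bot: The final `FROM scratch` stage of the new Dockerfile copies only the binary, so the image has no CA bundle and no `USER`, and the process runs as UID 0. Without root certificates the bridge cannot verify the Paperless HTTPS endpoint or the FTP server certificate, which pushes the code toward `InsecureSkipVerify`. Adding `COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/` and `USER 65534:65534` to the last stage addresses both, assuming the builder image ships that bundle. `golang:1.23-alpine` is also a floating tag; pinning it by digest keeps the build reproducible.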
+++ b/charts/plngxftpbridge/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/plngxftpbridge/Chart.yaml b/charts/plngxftpbridge/Chart.yaml new file mode 100644 index 0000000..6e341a8 --- /dev/null +++ b/charts/plngxftpbridge/Chart.yaml @@ -0,0 +1,7 @@ +apiVersion: v2 +name: plngxftpbridge +description: A Helm chart to upload files to from a FTP (TLS) server to paperless-ngx + +type: application + +version: 0.1.0 diff --git a/charts/plngxftpbridge/templates/_helpers.tpl b/charts/plngxftpbridge/templates/_helpers.tpl new file mode 100644 index 0000000..d121efe --- /dev/null +++ b/charts/plngxftpbridge/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "plngxftpbridge.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "plngxftpbridge.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "plngxftpbridge.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "plngxftpbridge.labels" -}} +helm.sh/chart: {{ include "plngxftpbridge.chart" . }} +{{ include "plngxftpbridge.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "plngxftpbridge.selectorLabels" -}} +app.kubernetes.io/name: {{ include "plngxftpbridge.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "plngxftpbridge.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "plngxftpbridge.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} 
diff --git a/charts/plngxftpbridge/templates/tests/test-connection.yaml b/charts/plngxftpbridge/templates/tests/test-connection.yaml new file mode 100644 index 0000000..1bf49a3 --- /dev/null +++ b/charts/plngxftpbridge/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "plngxftpbridge.fullname" . }}-test-connection" + labels: + {{- include "plngxftpbridge.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "plngxftpbridge.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/charts/plngxftpbridge/values.yaml b/charts/plngxftpbridge/values.yaml new file mode 100644 index 0000000..e69de29 From f67620436800eb0b50ce3a0daa63d4c86055d6a5 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sun, 27 Oct 2024 13:42:48 +0100 Subject: [PATCH 178/291] chore: rename module --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index fc21ab5..0653bcc 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/taskmedia/ftp-paperlessngx-bridge +module github.com/taskmedia/helm_paperlessngx-ftp-bridge go 1.23.1 From 1f059b5d020c86982f69422e4dbf7722235775c7 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sun, 27 Oct 2024 19:46:10 +0100 Subject: [PATCH 179/291] chore: rm Helm test --- .../templates/tests/test-connection.yaml | 15 --------------- 1 file changed, 15 deletions(-) delete mode 100644 charts/plngxftpbridge/templates/tests/test-connection.yaml diff --git a/charts/plngxftpbridge/templates/tests/test-connection.yaml b/charts/plngxftpbridge/templates/tests/test-connection.yaml deleted file mode 100644 index 1bf49a3..0000000 --- a/charts/plngxftpbridge/templates/tests/test-connection.yaml +++ /dev/null 
@@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "plngxftpbridge.fullname" . }}-test-connection" - labels: - {{- include "plngxftpbridge.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "plngxftpbridge.fullname" . }}:{{ .Values.service.port }}'] - restartPolicy: Never From 56cbc3e770f28491922d50850d55bf5d5b71cd33 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sun, 27 Oct 2024 20:05:15 +0100 Subject: [PATCH 180/291] chore: rename ftpServer to ftpHost --- ftp-paperless-bridge.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ftp-paperless-bridge.go b/ftp-paperless-bridge.go index 4640d35..9d0e379 100644 --- a/ftp-paperless-bridge.go +++ b/ftp-paperless-bridge.go @@ -14,7 +14,7 @@ import ( func main() { // Read configuration from environment variables - ftpServer := os.Getenv("FTP_SERVER") + ftpHost := os.Getenv("FTP_HOST") ftpUser := os.Getenv("FTP_USER") ftpPassword := os.Getenv("FTP_PASSWORD") paperlessUrl := os.Getenv("PAPERLESS_URL") @@ -22,12 +22,12 @@ func main() { paperlessPassword := os.Getenv("PAPERLESS_PASSWORD") paperlessApiUrl := paperlessUrl + "/api/documents/post_document/" - if ftpServer == "" || ftpUser == "" || ftpPassword == "" || paperlessUrl == "" || paperlessUser == "" || paperlessPassword == "" { + if ftpHost == "" || ftpUser == "" || ftpPassword == "" || paperlessUrl == "" || paperlessUser == "" || paperlessPassword == "" { log.Fatalf("One or more required environment variables are missing") } // Establish FTP connection with explicit SSL/TLS - conn, err := ftp.Dial(ftpServer, ftp.DialWithTimeout(5*time.Second), ftp.DialWithExplicitTLS(&tls.Config{ + conn, err := ftp.Dial(ftpHost, ftp.DialWithTimeout(5*time.Second), ftp.DialWithExplicitTLS(&tls.Config{ InsecureSkipVerify: true, })) if err != nil { From 0620deef5ad4912bf66dafe9be54b87c318701bc Mon Sep 17 00:00:00 2001 
From: Marco Lecheler Date: Mon, 28 Oct 2024 07:56:57 +0100 Subject: [PATCH 181/291] chore: rename ftpUser to ftpUsername --- ftp-paperless-bridge.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ftp-paperless-bridge.go b/ftp-paperless-bridge.go index 9d0e379..0ef1d9f 100644 --- a/ftp-paperless-bridge.go +++ b/ftp-paperless-bridge.go @@ -15,14 +15,14 @@ import ( func main() { // Read configuration from environment variables ftpHost := os.Getenv("FTP_HOST") - ftpUser := os.Getenv("FTP_USER") + ftpUsername := os.Getenv("FTP_USERNAME") ftpPassword := os.Getenv("FTP_PASSWORD") paperlessUrl := os.Getenv("PAPERLESS_URL") paperlessUser := os.Getenv("PAPERLESS_USER") paperlessPassword := os.Getenv("PAPERLESS_PASSWORD") paperlessApiUrl := paperlessUrl + "/api/documents/post_document/" - if ftpHost == "" || ftpUser == "" || ftpPassword == "" || paperlessUrl == "" || paperlessUser == "" || paperlessPassword == "" { + if ftpHost == "" || ftpUsername == "" || ftpPassword == "" || paperlessUrl == "" || paperlessUser == "" || paperlessPassword == "" { log.Fatalf("One or more required environment variables are missing") } @@ -36,7 +36,7 @@ func main() { defer conn.Quit() // Login to FTP server - err = conn.Login(ftpUser, ftpPassword) + err = conn.Login(ftpUsername, ftpPassword) if err != nil { log.Fatalf("Failed to login to FTP server: %v", err) } From 5a37da74323ae6d8ce2a79d5d955c264208943a7 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Mon, 28 Oct 2024 07:59:41 +0100 Subject: [PATCH 182/291] feat: add ftpPath --- ftp-paperless-bridge.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ftp-paperless-bridge.go b/ftp-paperless-bridge.go index 0ef1d9f..d8b7593 100644 --- a/ftp-paperless-bridge.go +++ b/ftp-paperless-bridge.go 
@@ -17,6 +17,7 @@ func main() { ftpHost := os.Getenv("FTP_HOST") ftpUsername := os.Getenv("FTP_USERNAME") ftpPassword := os.Getenv("FTP_PASSWORD") + ftpPath := os.Getenv("FTP_PATH") paperlessUrl := os.Getenv("PAPERLESS_URL") paperlessUser := os.Getenv("PAPERLESS_USER") paperlessPassword := os.Getenv("PAPERLESS_PASSWORD") @@ -42,7 +43,7 @@ func main() { } // List files in the FTP server root directory - entries, err := conn.List("/") + entries, err := conn.List(ftpPath) if err != nil { log.Fatalf("Failed to list files on FTP server: %v", err) } From c75ea7fb9b341d1159047662b05ff57e9255a86f Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Mon, 28 Oct 2024 08:10:38 +0100 Subject: [PATCH 183/291] chore: add main chart template --- charts/plngxftpbridge/templates/cronjob.yaml | 45 ++++++++++++++++++++ charts/plngxftpbridge/templates/secrets.yaml | 8 ++++ charts/plngxftpbridge/values.yaml | 27 ++++++++++++ 3 files changed, 80 insertions(+) create mode 100644 charts/plngxftpbridge/templates/cronjob.yaml create mode 100644 charts/plngxftpbridge/templates/secrets.yaml diff --git a/charts/plngxftpbridge/templates/cronjob.yaml b/charts/plngxftpbridge/templates/cronjob.yaml new file mode 100644 index 0000000..913f84f --- /dev/null +++ b/charts/plngxftpbridge/templates/cronjob.yaml 
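Review bot: `conn.List(ftpPath)` now lists the configured directory, but the `conn.Retr(entry.Name)` and `conn.Delete(entry.Name)` calls further down, outside this hunk, still pass the bare name, which the server resolves against the login directory. With `FTP_PATH` set to a subdirectory the download fails, or a same-named file in the login directory is uploaded and deleted instead. Calling `conn.ChangeDir(ftpPath)` after login and listing `"."`, or using `path.Join(ftpPath, entry.Name)` for both calls, keeps the three operations on the same directory. `FTP_PATH` is also absent from the empty-variable check, and the comment above `List` still says root directory.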
@@ -0,0 +1,45 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + name: "{{ include "plngxftpbridge.fullname" . }}" +spec: + schedule: "{{ .Values.cron }}" + successfulJobsHistoryLimit: 2 + failedJobsHistoryLimit: 2 + jobTemplate: + spec: + backoffLimit: 2 + activeDeadlineSeconds: {{ .Values.activeDeadlineSeconds }} + ttlSecondsAfterFinished: {{ .Values.ttlSecondsAfterFinished }} + template: + metadata: + name: "{{ include "plngxftpbridge.fullname" . }}" + labels: + app: "{{ include "plngxftpbridge.fullname" . }}" + spec: + serviceAccountName: {{ include "plngxftpbridge.fullname" . }} + containers: + - name: backup + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + env: + - name: FTP_HOST + value: "{{ .Values.ftp.host }}" + - name: FTP_USERNAME + value: "{{ .Values.ftp.user }}" + - name: FTP_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "plngxftpbridge.fullname" . }} + key: ftp-password + - name: FTP_PATH + value: "{{ .Values.ftp.path }}" + - name: PAPERLESS_URL + value: "{{ .Values.paperless.url }}" + - name: PAPERLESS_USER + value: "{{ .Values.paperless.username }}" + - name: PAPERLESS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "plngxftpbridge.fullname" . }} + key: paperless-password + restartPolicy: OnFailure diff --git a/charts/plngxftpbridge/templates/secrets.yaml b/charts/plngxftpbridge/templates/secrets.yaml new file mode 100644 index 0000000..b792c2d --- /dev/null +++ b/charts/plngxftpbridge/templates/secrets.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: "{{ include "plngxftpbridge.fullname" . }}" +type: Opaque +stringData: + ftp-password: {{ .Values.ftp.password }} + paperless-password: {{ .Values.paperless.password }} diff --git a/charts/plngxftpbridge/values.yaml b/charts/plngxftpbridge/values.yaml index e69de29..f523c1e 100644 --- a/charts/plngxftpbridge/values.yaml +++ b/charts/plngxftpbridge/values.yaml 
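Review bot: The `backup` container in cronjob.yaml is declared without a `securityContext`, and the pod sets `serviceAccountName` to the chart fullname although this commit adds no ServiceAccount template. The bridge only talks to the FTP server and Paperless, so it needs no Kubernetes API token: drop `serviceAccountName` or create the account, and set `automountServiceAccountToken: false` on the pod spec. For the container I would add `runAsNonRoot: true`, `runAsUser: 65534`, `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true` and `capabilities: {drop: ["ALL"]}`, which should suit a static binary in a scratch image but is worth confirming with a test run. The container name `backup` looks copied from the backup chart; `bridge` would match what it does.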
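Review bot: In secrets.yaml, `ftp-password: {{ .Values.ftp.password }}` and `paperless-password: {{ .Values.paperless.password }}` are rendered unquoted under `stringData`, so an empty, all-digit or boolean-looking password, or one containing `: `, ` #` or a leading `*`, `&` or `{`, is retyped by the YAML parser or breaks the manifest. Pipe both through `quote`, e.g. `ftp-password: {{ .Values.ftp.password | quote }}`. Passwords supplied through values are also stored in the Helm release record, so an `existingSecret` option that lets the CronJob reference a pre-created Secret would be the safer path to document.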
@@ -0,0 +1,27 @@ +# schedule to check for new documents every 5 minutes +cron: "*/5 * * * *" + +# ftp configuration where to fetch the documents +ftp: + host: "" + user: "" + password: "" + path: "." + +# paperless-ngx configuration to send documents to +paperless: + # host with protocol but no API endpoint + host: "http://localhost:8000" + username: "" + password: "" + +# image used for bridge +image: + repository: ghcr.io/taskmedia/paperless-ftp-bridge + tag: main + +# timeout for the job to complete backup +activeDeadlineSeconds: 60 + +# Retain pods for 1 day after job completion +ttlSecondsAfterFinished: 86400 From dd17a7d31dd335512e46b3cbd0492a829654072d Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Mon, 28 Oct 2024 08:24:43 +0100 Subject: [PATCH 184/291] chore: add build image wf --- .github/workflows/build-image.yaml | 97 ++++++++++++++++++++++++++++++ 1 file changed, 97 insertions(+) create mode 100644 .github/workflows/build-image.yaml diff --git a/.github/workflows/build-image.yaml b/.github/workflows/build-image.yaml new file mode 100644 index 0000000..d12a355 --- /dev/null +++ b/.github/workflows/build-image.yaml 
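Review bot: values.yaml defines `paperless.host`, but cronjob.yaml in the same commit reads `.Values.paperless.url`, so `PAPERLESS_URL` renders empty and the bridge exits on its missing-variable check. Rename the key to `url` or change the template to `host`. The default `http://localhost:8000` also means the basic-auth password is sent unencrypted unless overridden, so the comment should say that an `https://` URL is expected outside a local test. `image.tag: main` is a mutable tag here as in the paperlessngx-backup chart; a release tag or digest is the safer default.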
@@ -0,0 +1,97 @@
+name: Build image
+
+on:
+ workflow_dispatch:
+
+env:
+ # Use docker.io for Docker Hub if empty
+ REGISTRY: ghcr.io
+ # github.repository as /
+ IMAGE_NAME: taskmedia/paperless-ftp-bridge
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ # This is used to complete the identity challenge
+ # with sigstore/fulcio when running outside of PRs.
+ id-token: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ # Install the cosign tool except on PR
+ # https://github.com/sigstore/cosign-installer
+ - name: Install cosign
+ uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
+
+ # Workaround: https://github.com/docker/build-push-action/issues/461
+ - name: Setup Docker buildx
+ uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
+
+ # Login against a Docker registry except on PR
+ # https://github.com/docker/login-action
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+
+ # Extract metadata (tags, labels) for Docker
+ # https://github.com/docker/metadata-action
+ - name: Extract Docker metadata
+ id: meta
+ uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+ # Build and push Docker image with Buildx (don't push on PR)
+ # https://github.com/docker/build-push-action
+ - name: Build and push Docker image
+ id: build-and-push
+ uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
+ with:
+ context: .
+ platforms: | + linux/386 + linux/amd64 + linux/arm64 + linux/ppc64le + tags: | + ${{ steps.meta.outputs.tags }} + ghcr.io/taskmedia/paperless-ftp-bridge:latest + fty4/paperless-ftp-bridge:main + fty4/paperless-ftp-bridge:latest + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max + + # Sign the resulting Docker image digest except on PRs. + # This will only write to the public Rekor transparency log when the Docker + # repository is public to avoid leaking data. If you would like to publish + # transparency data even for private images, pass --force to cosign below. + # https://github.com/sigstore/cosign + - name: Sign the published Docker image + env: + COSIGN_EXPERIMENTAL: "true" + # This step uses the identity token to provision an ephemeral certificate + # against the sigstore community Fulcio instance. + run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign --yes --tlog-upload=false {}@${{ steps.build-and-push.outputs.digest }} + + # Clean up legacy images from ghcr.io + - uses: actions/delete-package-versions@v5 + with: + package-name: ${{ env.IMAGE_NAME }} + package-type: "container" + min-versions-to-keep: 100 + delete-only-untagged-versions: "true" From 9478711296cfeb73966db0a90265d392ae9d80b5 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Mon, 28 Oct 2024 08:40:24 +0100 Subject: [PATCH 185/291] chore(ci): enable push for build-image wf --- .github/workflows/build-image.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build-image.yaml b/.github/workflows/build-image.yaml index d12a355..a3d6861 100644 --- a/.github/workflows/build-image.yaml +++ b/.github/workflows/build-image.yaml @@ -67,6 +67,7 @@ jobs: linux/amd64 linux/arm64 linux/ppc64le + push: ${{ github.event_name != 'pull_request' }} tags: | ${{ steps.meta.outputs.tags }} ghcr.io/taskmedia/paperless-ftp-bridge:latest From 6e01ce36f4961c70f8e9ad3cc3a8a2cd2301e815 Mon Sep 17 00:00:00 2001 
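Review bot: The signing step in build-image.yaml runs `cosign sign --yes --tlog-upload=false`, which skips the Rekor entry; with keyless signing the Fulcio certificate is short-lived, so consumers would likely have to verify with the transparency-log check disabled, which removes most of the value of the signature. The step's own comment describes transparency-log uploads, so the flag looks unintended, and dropping it restores the default. The same `run:` line interpolates `${{ steps.meta.outputs.tags }}` directly into the shell; passing the values through the step's `env` (`TAGS: ${{ steps.meta.outputs.tags }}`, `DIGEST: ${{ steps.build-and-push.outputs.digest }}`) and using `run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}` keeps ref-derived tag names out of the script text. `actions/checkout@v4` and `actions/delete-package-versions@v5` are tag-pinned while the other actions are pinned by commit SHA.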
From: Marco Lecheler Date: Mon, 28 Oct 2024 08:53:36 +0100 Subject: [PATCH 186/291] fix(ci): fix package-name for delete pkg --- .github/workflows/build-image.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-image.yaml b/.github/workflows/build-image.yaml index a3d6861..29a3cf8 100644 --- a/.github/workflows/build-image.yaml +++ b/.github/workflows/build-image.yaml @@ -89,10 +89,15 @@ jobs: # against the sigstore community Fulcio instance. run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign --yes --tlog-upload=false {}@${{ steps.build-and-push.outputs.digest }} + - name: Get repository name + env: + REPOSITORY_NAME: ${{ env.IMAGE_NAME }} + run: echo "REPOSITORY_NAME=${REPOSITORY_NAME#*/}" >> $GITHUB_ENV + # Clean up legacy images from ghcr.io - uses: actions/delete-package-versions@v5 with: - package-name: ${{ env.IMAGE_NAME }} + package-name: ${{ env.REPOSITORY_NAME }} package-type: "container" min-versions-to-keep: 100 delete-only-untagged-versions: "true" From 822c02e8bc79ca11e3a77e0827e524162a9fa930 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Mon, 28 Oct 2024 09:02:51 +0100 Subject: [PATCH 187/291] chore(ci): add test-helm wf --- .github/workflows/test-helm.yaml | 51 ++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 .github/workflows/test-helm.yaml diff --git a/.github/workflows/test-helm.yaml b/.github/workflows/test-helm.yaml new file mode 100644 index 0000000..ff1eb1c --- /dev/null +++ b/.github/workflows/test-helm.yaml 
@@ -0,0 +1,51 @@ +name: Lint and Test Charts + +on: + pull_request: + + workflow_dispatch: + +jobs: + lint-test: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Set up Helm + uses: azure/setup-helm@v4 + with: + version: v3.10.0 + + - uses: actions/setup-python@v5 + with: + python-version: "3.9" + check-latest: true + + - name: Set up chart-testing + uses: helm/chart-testing-action@v2.6.1 + + - name: Run chart-testing (list-changed) + id: list-changed + run: | + changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) + if [[ -n "$changed" ]]; then + echo "changed=true" >> $GITHUB_OUTPUT + fi + + - name: Run chart-testing (lint) + if: steps.list-changed.outputs.changed == 'true' + run: | + ct lint \ + --check-version-increment=false \ + --target-branch ${{ github.event.repository.default_branch }} + + - name: Create kind cluster + uses: helm/kind-action@v1.10.0 + if: steps.list-changed.outputs.changed == 'true' + + - name: Run chart-testing (install) + if: steps.list-changed.outputs.changed == 'true' + run: ct install --all --chart-dirs charts From 1b17f7f25a01973723b85796637554940c7042f0 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Mon, 28 Oct 2024 09:05:28 +0100 Subject: [PATCH 188/291] chore(ci): add test-golang wf --- .github/workflows/test-go.yaml | 94 ++++++++++++++++++++++++++++++++++ 1 file changed, 94 insertions(+) create mode 100644 .github/workflows/test-go.yaml diff --git a/.github/workflows/test-go.yaml b/.github/workflows/test-go.yaml new file mode 100644 index 0000000..01092a9 --- /dev/null +++ b/.github/workflows/test-go.yaml 
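Review bot: The new workflow declares no `permissions:` block, so the `lint-test` job runs with the repository's default GITHUB_TOKEN scope while it lints and installs chart content taken from the pull request. A top-level `permissions:` entry with `contents: read` keeps the token read-only whatever the repository setting is. The third-party actions (`azure/setup-helm@v4`, `helm/chart-testing-action@v2.6.1`, `helm/kind-action@v1.10.0`) are referenced by tag, which the publisher can move. Pinning each to a full commit SHA, with the version kept in a trailing comment, makes the job reproducible and lets dependency updates show up as reviewable diffs.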
@@ -0,0 +1,94 @@ +name: test + +on: + push: + branches: + - main + pull_request: + +jobs: + cross: + name: test + runs-on: ${{ matrix.os }} + env: + GO_VERSION: 1.23.1 + GOLANGCI_LINT_VERSION: v1.61.0 + # YAEGI_VERSION: v0.16.1 + # YAEGI_UNSAFE: 1 + CGO_ENABLED: 0 + defaults: + run: + working-directory: ${{ github.workspace }}/go/src/github.com/${{ github.repository }} + + strategy: + matrix: + go-version: [1.23.1, 1.x] + os: [ubuntu-latest, macos-latest] + + steps: + # https://github.com/marketplace/actions/setup-go-environment + - name: Set up Go ${{ matrix.go-version }} + uses: actions/setup-go@v5 + with: + go-version: ${{ matrix.go-version }} + + # https://github.com/marketplace/actions/checkout + - name: Check out code + uses: actions/checkout@v4 + with: + path: go/src/github.com/${{ github.repository }} + fetch-depth: 0 + + # https://github.com/marketplace/actions/cache + - name: Cache Go modules + uses: actions/cache@v4 + with: + # In order: + # * Module download cache + # * Build cache (Linux) + # * Build cache (Mac) + # * Build cache (Windows) + path: | + ~/go/pkg/mod + ~/.cache/go-build + ~/Library/Caches/go-build + %LocalAppData%\go-build + key: ${{ runner.os }}-${{ matrix.go-version }}-go-${{ hashFiles('**/go.sum') }} + restore-keys: | + ${{ runner.os }}-${{ matrix.go-version }}-go- + + # https://golangci-lint.run/usage/install#other-ci + - name: Install golangci-lint ${{ env.GOLANGCI_LINT_VERSION }} + run: curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin ${GOLANGCI_LINT_VERSION} + + # - name: Install Yaegi ${{ env.YAEGI_VERSION }} + # run: curl -sfL https://raw.githubusercontent.com/traefik/yaegi/master/install.sh | bash -s -- -b $(go env GOPATH)/bin ${YAEGI_VERSION} + + - name: Setup GOPATH + run: go env -w GOPATH=${{ github.workspace }}/go + + - name: Check and get dependencies + run: | + go mod tidy + git diff --exit-code go.mod + # git diff --exit-code go.sum + go mod download 
+ go mod vendor + # git diff --exit-code ./vendor/ + cp -R vendor/ ${{ github.workspace }}/go/src/ + + - name: Lint and Tests + run: make + + - name: Coverage report + run: go test -coverprofile=coverage.txt + + - name: Upload results to Codecov + uses: codecov/codecov-action@v4 + with: + token: ${{ secrets.CODECOV_TOKEN }} + + # - name: Run tests with Yaegi + # run: make yaegi_test + # env: + # GOPATH: ${{ github.workspace }}/go From 74e9d053a8868aaecf33df121861b60e56c96852 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Mon, 28 Oct 2024 09:08:07 +0100 Subject: [PATCH 189/291] chore(lint): check return value conn.Quit --- ftp-paperless-bridge.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ftp-paperless-bridge.go b/ftp-paperless-bridge.go index d8b7593..3dbb685 100644 --- a/ftp-paperless-bridge.go +++ b/ftp-paperless-bridge.go @@ -34,7 +34,11 @@ func main() { if err != nil { log.Fatalf("Failed to connect to FTP server: %v", err) } - defer conn.Quit() + defer func() { + if err := conn.Quit(); err != nil { + log.Printf("Failed to close FTP connection: %v", err) + } + }() // Login to FTP server err = conn.Login(ftpUsername, ftpPassword) From 4a602ef5e8dad361fe47adb0cd6e0abf44e91422 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Mon, 28 Oct 2024 09:08:21 +0100 Subject: [PATCH 190/291] chore(lint): check return value buf.ReadFrom --- ftp-paperless-bridge.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ftp-paperless-bridge.go b/ftp-paperless-bridge.go index 3dbb685..2cf0604 100644 --- a/ftp-paperless-bridge.go +++ b/ftp-paperless-bridge.go @@ -71,7 +71,11 @@ func main() { } buf := new(bytes.Buffer) - buf.ReadFrom(resp) + _, err = buf.ReadFrom(resp) + if err != nil { + log.Printf("Failed to read file %s: %v", entry.Name, err) + continue + } resp.Close() // Upload the file to the Paperless-ngx API From e7d8fcc75b8b4a34649a0715062c180aa98f1365 Mon Sep 17 00:00:00 2001 
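Review bot: The `Install golangci-lint` step pipes `install.sh` from the `master` branch straight into `sh`, so the script executed on the runner can change between builds even though `GOLANGCI_LINT_VERSION` is pinned. Fetch the installer from a fixed ref instead, for example the tag already held in the variable: `curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/${GOLANGCI_LINT_VERSION}/install.sh | sh -s -- -b $(go env GOPATH)/bin ${GOLANGCI_LINT_VERSION}`, or replace the step with a pinned `golangci/golangci-lint-action`. The job has no `permissions:` block either; `contents: read` looks sufficient for the steps shown. `GO_VERSION` in the job `env` is not referenced anywhere in the file and can be dropped.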
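Review bot: The new error branch leaves the iteration with `continue` before `resp.Close()` is reached, so a failed read leaves the retrieval response open. Close it before testing the error: `_, err = buf.ReadFrom(resp)`, then `resp.Close()`, then the `if err != nil` check. `buf.ReadFrom` also copies the whole remote file into memory with no upper bound, and the file size is set by whoever can write to the FTP directory, so wrapping the reader in `io.LimitReader` with a configured maximum is worth adding. The loop and the rest of `main` lie outside the hunk.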
From: Marco Lecheler Date: Mon, 28 Oct 2024 09:10:37 +0100 Subject: [PATCH 191/291] chore: add Makefile --- Makefile | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 Makefile diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..fc2ad29 --- /dev/null +++ b/Makefile @@ -0,0 +1,17 @@ +.PHONY: lint test vendor clean + +export GO111MODULE=on + +default: lint test + +lint: + golangci-lint run + +test: + go test -v -cover ./... + +vendor: + go mod vendor + +clean: + rm -rf ./vendor From 5ccf5673179b821d57edd53dd6853940d728d6cf Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Mon, 28 Oct 2024 09:19:34 +0100 Subject: [PATCH 192/291] chore: create release wf based on build-image --- .github/workflows/build-image.yaml | 100 ++++++++++++++++++++++++++--- 1 file changed, 90 insertions(+), 10 deletions(-) diff --git a/.github/workflows/build-image.yaml b/.github/workflows/build-image.yaml index 29a3cf8..ee47322 100644 --- a/.github/workflows/build-image.yaml +++ b/.github/workflows/build-image.yaml 
@@ -1,23 +1,56 @@ -name: Build image - +name: Release on: - workflow_dispatch: + release: + types: [published] +jobs: + version-bump: + runs-on: ubuntu-latest + if: github.repository == 'taskmedia/helm_paperlessngx-ftp-bridge' + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 -env: - # Use docker.io for Docker Hub if empty - REGISTRY: ghcr.io - # github.repository as / - IMAGE_NAME: taskmedia/paperless-ftp-bridge + - name: bump release version (Chart.yaml) + env: + TAG_NAME: ${{ github.event.release.tag_name }} + run: yq -i ".version = \"$(echo ${TAG_NAME:1})\"" charts/paperlessngx-ftp-bridge/Chart.yaml -jobs: - build: + - name: commit version bump + uses: stefanzweifel/git-auto-commit-action@v4 + with: + branch: main + commit_message: "chore(release): update version to ${{ github.event.release.tag_name }}" + commit_options: "--no-verify" + file_pattern: charts/paperlessngx-ftp-bridge/Chart.yaml + + - name: move release tag + shell: bash + run: | + git tag --force ${{ github.event.release.tag_name }} HEAD + git push --force origin ${{ github.event.release.tag_name }} + + - name: update latest tag + shell: bash + run: | + git tag --force latest HEAD + git push --force origin latest + + build-image: runs-on: ubuntu-latest + if: github.repository == 'taskmedia/helm_paperlessngx-ftp-bridge' permissions: contents: read packages: write # This is used to complete the identity challenge # with sigstore/fulcio when running outside of PRs. id-token: write + env: + # Use docker.io for Docker Hub if empty + REGISTRY: ghcr.io + # github.repository as / + IMAGE_NAME: taskmedia/paperless-ftp-bridge steps: - name: Checkout repository 
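Review bot: The `move release tag` step expands `${{ github.event.release.tag_name }}` inside the shell script itself, so the tag text is parsed by bash as script source instead of being passed as data. The `bump release version` step just above already does this safely; give the tag step the same `env:` entry `TAG_NAME: ${{ github.event.release.tag_name }}` and use `git tag --force "$TAG_NAME" HEAD` and `git push --force origin "$TAG_NAME"`. The `version-bump` job pushes to `main` and force-moves tags but declares no `permissions:`, whereas `build-image` lists its scopes; stating `contents: write` here makes the requirement explicit. Force-moving a published release tag also means the tag no longer names the commit the release was created from, which anyone verifying by tag will not expect. The `build-image` steps continue outside the hunk.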
@@ -101,3 +134,50 @@ jobs: package-type: "container" min-versions-to-keep: 100 delete-only-untagged-versions: "true" + + build-and-deploy: + runs-on: ubuntu-latest + if: github.repository == 'taskmedia/helm_paperlessngx-ftp-bridge' + steps: + - name: Checkout + uses: actions/checkout@v4 + + - uses: azure/setup-helm@v4 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Create release binary + run: | + helm package charts/paperlessngx-ftp-bridge --destination release/ + + - name: login ghcr registry + run: echo '${{ secrets.GITHUB_TOKEN }}' | docker login ghcr.io -u taskmedia --password-stdin + + - name: push Helm chart to ghcr + run: helm push ./release/*tgz oci://ghcr.io/taskmedia + + - name: Update Index + env: + GH_PAGES_URL: github.com/taskmedia/helm + REPO_NAME: paperlessngx-ftp-bridge + HELM_URL: https://helm.task.media/ + run: | + rm -rf ./gh-pages.zip + rm -rf ./repo + curl -sSLO https://${GH_PAGES_URL}/archive/gh-pages.zip + unzip -o ./gh-pages.zip -d ./repo/ + mv -f ./repo/helm-gh-pages/* ./repo + rm -rf ./repo/helm-gh-pages/ + mkdir -p ./repo/${REPO_NAME} || true + cp ./release/*tgz ./repo/${REPO_NAME}/ + cp ./README.md ./repo/${REPO_NAME}/index.md + helm repo index --merge ./repo/index.yaml --url ${HELM_URL} ./repo + + - name: Deploy + uses: JamesIves/github-pages-deploy-action@v4.6.8 + with: + repository-name: taskmedia/helm + branch: gh-pages + ssh-key: ${{ secrets.DEPLOY_KEY_BLOG }} + folder: repo + clean: false From 297f3fd6073460cdeea591c384cdc6bc974ff9f6 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Mon, 28 Oct 2024 09:19:53 +0100 Subject: [PATCH 193/291] chore: rename release wf --- .github/workflows/{build-image.yaml => release.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{build-image.yaml => release.yaml} (100%) 
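Review bot: The `login ghcr registry` step writes `${{ secrets.GITHUB_TOKEN }}` into the script text; pass it through the environment instead, with an `env:` entry `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` and `run: echo "$GITHUB_TOKEN" | docker login ghcr.io -u taskmedia --password-stdin`. The `build-and-deploy` job pushes a chart to ghcr.io but has no `permissions:` block, so it depends on the repository default; `contents: read` plus `packages: write` states what it needs. `JamesIves/github-pages-deploy-action@v4.6.8` receives the `DEPLOY_KEY_BLOG` deploy key while being referenced by a movable tag, so pinning it to a full commit SHA is the safer form. The chart archive is pushed unsigned although the image built in the same workflow is signed with cosign; signing the pushed chart too would give consumers the same verification path.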
diff --git a/.github/workflows/build-image.yaml b/.github/workflows/release.yaml similarity index 100% rename from .github/workflows/build-image.yaml rename to .github/workflows/release.yaml From 90c4f409c181ae3a4b215da5170246921e76e6a5 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Mon, 28 Oct 2024 09:21:20 +0100 Subject: [PATCH 194/291] chore: add release tagname to pushed tags --- .github/workflows/release.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index ee47322..5fd6999 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -104,8 +104,10 @@ jobs: tags: | ${{ steps.meta.outputs.tags }} ghcr.io/taskmedia/paperless-ftp-bridge:latest + ghcr.io/taskmedia/paperless-ftp-bridge:${{ github.event.release.tag_name }} fty4/paperless-ftp-bridge:main fty4/paperless-ftp-bridge:latest + fty4/paperless-ftp-bridge:${{ github.event.release.tag_name }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max From 0c54e2ee7e33b9722433c0be6cd2f8e903e56112 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Mon, 28 Oct 2024 09:25:23 +0100 Subject: [PATCH 195/291] chore: rm root Helm ingore (#10) --- .helmignore | 23 ----------------------- 1 file changed, 23 deletions(-) delete mode 100644 .helmignore diff --git a/.helmignore b/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ From 46129cb14935acdd465cb2c2de8b5b1de7fa040e Mon Sep 17 00:00:00 2001 
From: Marco Lecheler Date: Mon, 28 Oct 2024 09:32:27 +0100 Subject: [PATCH 196/291] chore: add chart and image metadata (#1) --- Dockerfile | 10 ++++++++++ charts/plngxftpbridge/Chart.yaml | 15 ++++++++++++++- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 272eef8..ffb5dd9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,5 +6,15 @@ COPY *.go . RUN go build -o ftp-paperless-bridge . FROM scratch + +# Image annotations +# see: https://github.com/opencontainers/image-spec/blob/main/annotations.md#pre-defined-annotation-keys +LABEL org.opencontainers.image.title=paperless-ftp-bridge +LABEL org.opencontainers.image.description="uploads files to a paperless-ng instance via FTP" +LABEL org.opencontainers.image.url=https://github.com/taskmedia/helm_paperlessngx-ftp-bridge/pkgs/container/paperless-ftp-bridge +LABEL org.opencontainers.image.source=https://github.com/taskmedia/helm_paperlessngx-ftp-bridge/blob/main/Dockerfile +LABEL org.opencontainers.image.vendor=task.media +LABEL org.opencontainers.image.licenses=MIT + COPY --from=builder /app/ftp-paperless-bridge /ftp-paperless-bridge CMD ["/ftp-paperless-bridge"] diff --git a/charts/plngxftpbridge/Chart.yaml b/charts/plngxftpbridge/Chart.yaml index 6e341a8..0cf250f 100644 --- a/charts/plngxftpbridge/Chart.yaml +++ b/charts/plngxftpbridge/Chart.yaml @@ -1,6 +1,19 @@ apiVersion: v2 -name: plngxftpbridge +name: paperless-ngx-ftp-bridge description: A Helm chart to upload files to from a FTP (TLS) server to paperless-ngx +home: https://helm.task.media/paperlessngx-ftp-bridge +keywords: +- paperless-ngx +- ftp +- upload +- api +maintainers: +- name: fty4 + url: https://github.com/fty4 +sources: +- https://github.com/taskmedia/helm_paperlessngx-ftp-bridge +- https://github.com/taskmedia/helm +icon: https://media.task.media/images/logo.png type: application From fdae9f3b97dd9210b6d0dab7dce0b9d116bf5fab Mon Sep 17 00:00:00 2001 
From: Marco Lecheler Date: Mon, 28 Oct 2024 09:36:53 +0100 Subject: [PATCH 197/291] fix(ci): add needs to release wf (#2) --- .github/workflows/release.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 5fd6999..94b3e86 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -38,6 +38,7 @@ jobs: git push --force origin latest build-image: + needs: version-bump runs-on: ubuntu-latest if: github.repository == 'taskmedia/helm_paperlessngx-ftp-bridge' permissions: @@ -138,6 +139,7 @@ jobs: delete-only-untagged-versions: "true" build-and-deploy: + needs: build-image runs-on: ubuntu-latest if: github.repository == 'taskmedia/helm_paperlessngx-ftp-bridge' steps: From 1b1d6aa6e9bf416cdc0d96a3fe38d15ba2941099 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Mon, 28 Oct 2024 09:40:50 +0100 Subject: [PATCH 198/291] chore: rename chart directory --- charts/{plngxftpbridge => paperlessngx-ftp-bridge}/.helmignore | 0 charts/{plngxftpbridge => paperlessngx-ftp-bridge}/Chart.yaml | 0 .../templates/_helpers.tpl | 0 .../templates/cronjob.yaml | 0 .../templates/secrets.yaml | 0 charts/{plngxftpbridge => paperlessngx-ftp-bridge}/values.yaml | 0 6 files changed, 0 insertions(+), 0 deletions(-) rename charts/{plngxftpbridge => paperlessngx-ftp-bridge}/.helmignore (100%) rename charts/{plngxftpbridge => paperlessngx-ftp-bridge}/Chart.yaml (100%) rename charts/{plngxftpbridge => paperlessngx-ftp-bridge}/templates/_helpers.tpl (100%) rename charts/{plngxftpbridge => paperlessngx-ftp-bridge}/templates/cronjob.yaml (100%) rename charts/{plngxftpbridge => paperlessngx-ftp-bridge}/templates/secrets.yaml (100%) rename charts/{plngxftpbridge => paperlessngx-ftp-bridge}/values.yaml (100%) 
diff --git a/charts/plngxftpbridge/.helmignore b/charts/paperlessngx-ftp-bridge/.helmignore similarity index 100% rename from charts/plngxftpbridge/.helmignore rename to charts/paperlessngx-ftp-bridge/.helmignore diff --git a/charts/plngxftpbridge/Chart.yaml b/charts/paperlessngx-ftp-bridge/Chart.yaml similarity index 100% rename from charts/plngxftpbridge/Chart.yaml rename to charts/paperlessngx-ftp-bridge/Chart.yaml diff --git a/charts/plngxftpbridge/templates/_helpers.tpl b/charts/paperlessngx-ftp-bridge/templates/_helpers.tpl similarity index 100% rename from charts/plngxftpbridge/templates/_helpers.tpl rename to charts/paperlessngx-ftp-bridge/templates/_helpers.tpl diff --git a/charts/plngxftpbridge/templates/cronjob.yaml b/charts/paperlessngx-ftp-bridge/templates/cronjob.yaml similarity index 100% rename from charts/plngxftpbridge/templates/cronjob.yaml rename to charts/paperlessngx-ftp-bridge/templates/cronjob.yaml diff --git a/charts/plngxftpbridge/templates/secrets.yaml b/charts/paperlessngx-ftp-bridge/templates/secrets.yaml similarity index 100% rename from charts/plngxftpbridge/templates/secrets.yaml rename to charts/paperlessngx-ftp-bridge/templates/secrets.yaml diff --git a/charts/plngxftpbridge/values.yaml b/charts/paperlessngx-ftp-bridge/values.yaml similarity index 100% rename from charts/plngxftpbridge/values.yaml rename to charts/paperlessngx-ftp-bridge/values.yaml From e16e5a8608aae0e82259b9bc83bf7ed6bfcc59fe Mon Sep 17 00:00:00 2001 From: fty4 Date: Mon, 28 Oct 2024 08:41:34 +0000 Subject: [PATCH 199/291] chore(release): update version to v0.1.2 --- charts/paperlessngx-ftp-bridge/Chart.yaml | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/charts/paperlessngx-ftp-bridge/Chart.yaml b/charts/paperlessngx-ftp-bridge/Chart.yaml index 0cf250f..b3f3305 100644 --- a/charts/paperlessngx-ftp-bridge/Chart.yaml +++ b/charts/paperlessngx-ftp-bridge/Chart.yaml 
@@ -3,18 +3,16 @@ name: paperless-ngx-ftp-bridge description: A Helm chart to upload files to from a FTP (TLS) server to paperless-ngx home: https://helm.task.media/paperlessngx-ftp-bridge keywords: -- paperless-ngx -- ftp -- upload -- api + - paperless-ngx + - ftp + - upload + - api maintainers: -- name: fty4 - url: https://github.com/fty4 + - name: fty4 + url: https://github.com/fty4 sources: -- https://github.com/taskmedia/helm_paperlessngx-ftp-bridge -- https://github.com/taskmedia/helm + - https://github.com/taskmedia/helm_paperlessngx-ftp-bridge + - https://github.com/taskmedia/helm icon: https://media.task.media/images/logo.png - type: application - -version: 0.1.0 +version: 0.1.2 From c14d0c3073317ff56aa39daa26a09e2d32595854 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Mon, 28 Oct 2024 09:48:34 +0100 Subject: [PATCH 200/291] chore(ci): ensure steps prior version-bump use updated tag If no tag will be used the old commit will be used instead of the bumped. --- .github/workflows/release.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 94b3e86..180d50a 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -56,6 +56,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 + with: + ref: ${{ github.event.release.tag_name }} # Install the cosign tool except on PR # https://github.com/sigstore/cosign-installer @@ -145,6 +147,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + ref: ${{ github.event.release.tag_name }} - uses: azure/setup-helm@v4 with: From 36aef8d19d895181b4933db63c411489f73fe50e Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Mon, 28 Oct 2024 09:49:29 +0100 Subject: [PATCH 201/291] chore: link readme to chart --- charts/paperlessngx-ftp-bridge/README.md | 1 + 1 file changed, 1 insertion(+) create mode 120000 charts/paperlessngx-ftp-bridge/README.md 
diff --git a/charts/paperlessngx-ftp-bridge/README.md b/charts/paperlessngx-ftp-bridge/README.md new file mode 120000 index 0000000..fe84005 --- /dev/null +++ b/charts/paperlessngx-ftp-bridge/README.md @@ -0,0 +1 @@ +../../README.md \ No newline at end of file From af8dd7cdec24883818bbc58f0a7273bcdd3485ab Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Mon, 28 Oct 2024 09:55:36 +0100 Subject: [PATCH 202/291] chore: add README --- README.md | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..b34c6f4 --- /dev/null +++ b/README.md 
@@ -0,0 +1,38 @@ +[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/taskmedia)](https://artifacthub.io/packages/helm/taskmedia/paperlessngx-ftp-bridge) + +# Helm chart: paperless-ngx FTP bridge + +Kubernetes [Helm](https://helm.sh) chart to automatically upload PDF files from a FTP server to paperless-ngx. + +This application will automatically search for PDF files on your FTP server and upload them to the paperless-ngx API. +The application will run as a cronjob and will be executed every 5 minutes (can be changed). + +You can use this application e.g. if your document scanner can only upload files to a FTP server. +With this bridge your scan device will be able to upload the documents directly with the FTP as file storage inbetween. + +## Configuration + +The configuration of the application will be set in the [`values.yaml`](./values.yaml)-file. +Everything is pretty straight forward and should be self-explanatory. +If you think more information should be provided or need help, feel free to open an issue. + +## Installation + +To deploy the Helm chart first copy the [`values.yaml`](./values.yaml)-file and customize your deployment. +After it was modified you can deploy the chart with the following command. + +```bash +$ helm repo add taskmedia https://helm.task.media +$ helm repo update + +$ helm show values taskmedia/paperlessngx-ftp-bridge > ./my-values.yaml +$ vi ./my-values.yaml + +$ helm upgrade --install paperlessngx-ftp-bridge taskmedia/paperlessngx-ftp-bridge --values ./my-values.yaml +``` + +You can also use OCI Helm charts from [ghcr.io](https://ghcr.io/): + +```bash +$ helm upgrade --install paperlessngx-ftp-bridge oci://ghcr.io/taskmedia/paperlessngx-ftp-bridge +``` From efc5bda70c715db725f420d97bc442ecfea48760 Mon Sep 17 00:00:00 2001 
From: fty4 Date: Mon, 28 Oct 2024 08:56:24 +0000 Subject: [PATCH 203/291] chore(release): update version to v0.1.3 --- charts/paperlessngx-ftp-bridge/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/paperlessngx-ftp-bridge/Chart.yaml b/charts/paperlessngx-ftp-bridge/Chart.yaml index b3f3305..dcdaa17 100644 --- a/charts/paperlessngx-ftp-bridge/Chart.yaml +++ b/charts/paperlessngx-ftp-bridge/Chart.yaml @@ -15,4 +15,4 @@ sources: - https://github.com/taskmedia/helm icon: https://media.task.media/images/logo.png type: application -version: 0.1.2 +version: 0.1.3 From 3ed14bc0b622fb0be32cbb8ff974a6e77cf178f8 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Tue, 29 Oct 2024 18:08:57 +0100 Subject: [PATCH 204/291] fix: package naming for image / chart (#4) * fix: ensure container image is named paperlessngx-ftp-bridge-image * fix: ensure Helm chart is named paperlessngx-ftp-bridge * fix(lint): mapping values Error: templates/cronjob.yaml: unable to parse YAML: error converting YAML to JSON: yaml: line 23: mapping values are not allowed in this context --- .github/workflows/release.yaml | 14 +++++++------- Dockerfile | 1 + charts/paperlessngx-ftp-bridge/Chart.yaml | 2 +- .../paperlessngx-ftp-bridge/templates/cronjob.yaml | 2 +- charts/paperlessngx-ftp-bridge/values.yaml | 4 ++-- 5 files changed, 12 insertions(+), 11 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 180d50a..1f0c8fb 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -51,7 +51,7 @@ jobs: # Use docker.io for Docker Hub if empty REGISTRY: ghcr.io # github.repository as / - IMAGE_NAME: taskmedia/paperless-ftp-bridge + IMAGE_NAME: taskmedia/paperlessngx-ftp-bridge-image steps: - name: Checkout repository 
@@ -106,11 +106,11 @@ jobs: push: ${{ github.event_name != 'pull_request' }} tags: | ${{ steps.meta.outputs.tags }} - ghcr.io/taskmedia/paperless-ftp-bridge:latest - ghcr.io/taskmedia/paperless-ftp-bridge:${{ github.event.release.tag_name }} - fty4/paperless-ftp-bridge:main - fty4/paperless-ftp-bridge:latest - fty4/paperless-ftp-bridge:${{ github.event.release.tag_name }} + ghcr.io/taskmedia/paperlessngx-ftp-bridge-image:latest + ghcr.io/taskmedia/paperlessngx-ftp-bridge-image:${{ github.event.release.tag_name }} + fty4/paperlessngx-ftp-bridge-image:main + fty4/paperlessngx-ftp-bridge-image:latest + fty4/paperlessngx-ftp-bridge-image:${{ github.event.release.tag_name }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max @@ -140,7 +140,7 @@ jobs: min-versions-to-keep: 100 delete-only-untagged-versions: "true" - build-and-deploy: + helm-build-and-deploy: needs: build-image runs-on: ubuntu-latest if: github.repository == 'taskmedia/helm_paperlessngx-ftp-bridge' diff --git a/Dockerfile b/Dockerfile index ffb5dd9..c1e6dd6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,3 +1,4 @@ +# ghcr.io/taskmedia/paperlessngx-ftp-bridge-image FROM golang:1.23-alpine AS builder WORKDIR /app COPY go.mod go.sum ./ diff --git a/charts/paperlessngx-ftp-bridge/Chart.yaml b/charts/paperlessngx-ftp-bridge/Chart.yaml index dcdaa17..f274598 100644 --- a/charts/paperlessngx-ftp-bridge/Chart.yaml +++ b/charts/paperlessngx-ftp-bridge/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -name: paperless-ngx-ftp-bridge +name: paperlessngx-ftp-bridge description: A Helm chart to upload files to from a FTP (TLS) server to paperless-ngx home: https://helm.task.media/paperlessngx-ftp-bridge keywords: diff --git a/charts/paperlessngx-ftp-bridge/templates/cronjob.yaml b/charts/paperlessngx-ftp-bridge/templates/cronjob.yaml index 913f84f..4e70b07 100644 --- a/charts/paperlessngx-ftp-bridge/templates/cronjob.yaml +++ b/charts/paperlessngx-ftp-bridge/templates/cronjob.yaml 
@@ -20,7 +20,7 @@ spec: serviceAccountName: {{ include "plngxftpbridge.fullname" . }} containers: - name: backup - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" env: - name: FTP_HOST value: "{{ .Values.ftp.host }}" diff --git a/charts/paperlessngx-ftp-bridge/values.yaml b/charts/paperlessngx-ftp-bridge/values.yaml index f523c1e..48dcb0e 100644 --- a/charts/paperlessngx-ftp-bridge/values.yaml +++ b/charts/paperlessngx-ftp-bridge/values.yaml @@ -17,8 +17,8 @@ paperless: # image used for bridge image: - repository: ghcr.io/taskmedia/paperless-ftp-bridge - tag: main + repository: ghcr.io/taskmedia/paperlessngx-ftp-bridge-image + tag: "" # timeout for the job to complete backup activeDeadlineSeconds: 60 From 64202afc766994d00877c81be2115c85466dbcbf Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Tue, 29 Oct 2024 18:11:30 +0100 Subject: [PATCH 205/291] chore: use the chart version as default image tag (#5) --- charts/paperlessngx-ftp-bridge/templates/cronjob.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/paperlessngx-ftp-bridge/templates/cronjob.yaml b/charts/paperlessngx-ftp-bridge/templates/cronjob.yaml index 4e70b07..1189465 100644 --- a/charts/paperlessngx-ftp-bridge/templates/cronjob.yaml +++ b/charts/paperlessngx-ftp-bridge/templates/cronjob.yaml @@ -20,7 +20,7 @@ spec: serviceAccountName: {{ include "plngxftpbridge.fullname" . }} containers: - name: backup - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.Version }}" env: - name: FTP_HOST value: "{{ .Values.ftp.host }}" From 5467983b196852db08ebddee7b0f423619af4902 Mon Sep 17 00:00:00 2001 From: fty4 Date: Tue, 29 Oct 2024 17:12:11 +0000 Subject: [PATCH 206/291] chore(release): update version to v0.1.4 --- charts/paperlessngx-ftp-bridge/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/charts/paperlessngx-ftp-bridge/Chart.yaml b/charts/paperlessngx-ftp-bridge/Chart.yaml index f274598..59b0a2b 100644 --- a/charts/paperlessngx-ftp-bridge/Chart.yaml +++ b/charts/paperlessngx-ftp-bridge/Chart.yaml @@ -15,4 +15,4 @@ sources: - https://github.com/taskmedia/helm icon: https://media.task.media/images/logo.png type: application -version: 0.1.3 +version: 0.1.4 From 021011116aac7f6d3d7f1ebade9249a3e8d6320d Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Tue, 29 Oct 2024 20:10:55 +0100 Subject: [PATCH 207/291] chore: increase versions to keep to 200 (#6) --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 1f0c8fb..a93dc0b 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -137,7 +137,7 @@ jobs: with: package-name: ${{ env.REPOSITORY_NAME }} package-type: "container" - min-versions-to-keep: 100 + min-versions-to-keep: 200 delete-only-untagged-versions: "true" helm-build-and-deploy: From 2700635b1669664d749c73bd5433c862840f768a Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Tue, 29 Oct 2024 20:11:04 +0100 Subject: [PATCH 208/291] fix: remove usage of service account (#7) --- charts/paperlessngx-ftp-bridge/templates/cronjob.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/charts/paperlessngx-ftp-bridge/templates/cronjob.yaml b/charts/paperlessngx-ftp-bridge/templates/cronjob.yaml index 1189465..993ab0b 100644 --- a/charts/paperlessngx-ftp-bridge/templates/cronjob.yaml +++ b/charts/paperlessngx-ftp-bridge/templates/cronjob.yaml @@ -17,7 +17,6 @@ spec: labels: app: "{{ include "plngxftpbridge.fullname" . }}" spec: - serviceAccountName: {{ include "plngxftpbridge.fullname" . }} containers: - name: backup image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.Version }}" From 2922f598caf54d47d2d9b1e9ede0a16f4b563946 Mon Sep 17 00:00:00 2001 
From: Marco Lecheler Date: Tue, 29 Oct 2024 20:11:19 +0100 Subject: [PATCH 209/291] fix: use v prefix in image.tag version (#8) --- charts/paperlessngx-ftp-bridge/templates/cronjob.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/paperlessngx-ftp-bridge/templates/cronjob.yaml b/charts/paperlessngx-ftp-bridge/templates/cronjob.yaml index 993ab0b..66ee1b5 100644 --- a/charts/paperlessngx-ftp-bridge/templates/cronjob.yaml +++ b/charts/paperlessngx-ftp-bridge/templates/cronjob.yaml @@ -19,7 +19,7 @@ spec: spec: containers: - name: backup - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.Version }}" + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "v%s" .Chart.Version) }}" env: - name: FTP_HOST value: "{{ .Values.ftp.host }}" From 0b1d3af4ac221f87501c505ec17aeeb396c51ddb Mon Sep 17 00:00:00 2001 From: fty4 Date: Tue, 29 Oct 2024 19:11:52 +0000 Subject: [PATCH 210/291] chore(release): update version to v0.1.5 --- charts/paperlessngx-ftp-bridge/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/paperlessngx-ftp-bridge/Chart.yaml b/charts/paperlessngx-ftp-bridge/Chart.yaml index 59b0a2b..3856ae3 100644 --- a/charts/paperlessngx-ftp-bridge/Chart.yaml +++ b/charts/paperlessngx-ftp-bridge/Chart.yaml @@ -15,4 +15,4 @@ sources: - https://github.com/taskmedia/helm icon: https://media.task.media/images/logo.png type: application -version: 0.1.4 +version: 0.1.5 From c09105324a8f62bb4c9201814758363c0bf8612f Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Tue, 29 Oct 2024 20:14:53 +0100 Subject: [PATCH 211/291] fix: use correct paperless.url value (#9) --- charts/paperlessngx-ftp-bridge/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/paperlessngx-ftp-bridge/values.yaml b/charts/paperlessngx-ftp-bridge/values.yaml index 48dcb0e..5bbfae9 100644 --- a/charts/paperlessngx-ftp-bridge/values.yaml 
+++ b/charts/paperlessngx-ftp-bridge/values.yaml @@ -10,8 +10,8 @@ ftp: # paperless-ngx configuration to send documents to paperless: - # host with protocol but no API endpoint - host: "http://localhost:8000" + # url with protocol but no API endpoint + url: "http://localhost:8000" username: "" password: "" From d8f2cf544a017fe5172c166304e5b2f0832ad1ce Mon Sep 17 00:00:00 2001 From: fty4 Date: Tue, 29 Oct 2024 19:16:01 +0000 Subject: [PATCH 212/291] chore(release): update version to v0.1.6 --- charts/paperlessngx-ftp-bridge/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/paperlessngx-ftp-bridge/Chart.yaml b/charts/paperlessngx-ftp-bridge/Chart.yaml index 3856ae3..6300996 100644 --- a/charts/paperlessngx-ftp-bridge/Chart.yaml +++ b/charts/paperlessngx-ftp-bridge/Chart.yaml @@ -15,4 +15,4 @@ sources: - https://github.com/taskmedia/helm icon: https://media.task.media/images/logo.png type: application -version: 0.1.5 +version: 0.1.6 From 20bd9df0e841d8123621d7261a08d2a013309e72 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Wed, 30 Oct 2024 18:20:30 +0100 Subject: [PATCH 213/291] chore(ci): add dependabot config (#3) --- .github/dependabot.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..03ee1f9 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,14 @@ +version: 2 +updates: +- package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "monthly" +- package-ecosystem: "docker" + directory: "/" + schedule: + interval: "monthly" +- package-ecosystem: "gomod" + directory: "/" + schedule: + interval: "monthly" From c8d1a94ba40796859e15c6d2cf52486b53c9bc1f Mon Sep 17 00:00:00 2001 
From: Marco Lecheler Date: Wed, 30 Oct 2024 19:28:18 +0100 Subject: [PATCH 214/291] feat: use deployment with interval instead cronjob (#10) * feat: change bridge to continuously run and periodically handle * chore: move processing file into own func * chore: use time.Duration for interval in config * feat: update cronjob to deployment * chore: rename template cronjob to deployment * feat: add interval seconds env * fix: use Always restartPolicy * chore: rm deadline ttl values * fix: do not exit if error Retry after period and not exiting * fix: ensure tick starts immediately * chore: use pl svc default address * chore: add ftp host example * chore: add start log msg --- .../templates/cronjob.yaml | 44 ----- .../templates/deployment.yaml | 49 +++++ charts/paperlessngx-ftp-bridge/values.yaml | 16 +- ftp-paperless-bridge.go | 176 ++++++++++++------ 4 files changed, 172 insertions(+), 113 deletions(-) delete mode 100644 charts/paperlessngx-ftp-bridge/templates/cronjob.yaml create mode 100644 charts/paperlessngx-ftp-bridge/templates/deployment.yaml diff --git a/charts/paperlessngx-ftp-bridge/templates/cronjob.yaml b/charts/paperlessngx-ftp-bridge/templates/cronjob.yaml deleted file mode 100644 index 66ee1b5..0000000 --- a/charts/paperlessngx-ftp-bridge/templates/cronjob.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ -apiVersion: batch/v1 -kind: CronJob -metadata: - name: "{{ include "plngxftpbridge.fullname" . }}" -spec: - schedule: "{{ .Values.cron }}" - successfulJobsHistoryLimit: 2 - failedJobsHistoryLimit: 2 - jobTemplate: - spec: - backoffLimit: 2 - activeDeadlineSeconds: {{ .Values.activeDeadlineSeconds }} - ttlSecondsAfterFinished: {{ .Values.ttlSecondsAfterFinished }} - template: - metadata: - name: "{{ include "plngxftpbridge.fullname" . }}" - labels: - app: "{{ include "plngxftpbridge.fullname" . }}" - spec: - containers: - - name: backup - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "v%s" .Chart.Version) }}" - env: - - name: FTP_HOST - value: "{{ .Values.ftp.host }}" - - name: FTP_USERNAME - value: "{{ .Values.ftp.user }}" - - name: FTP_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "plngxftpbridge.fullname" . }} - key: ftp-password - - name: FTP_PATH - value: "{{ .Values.ftp.path }}" - - name: PAPERLESS_URL - value: "{{ .Values.paperless.url }}" - - name: PAPERLESS_USER - value: "{{ .Values.paperless.username }}" - - name: PAPERLESS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "plngxftpbridge.fullname" . }} - key: paperless-password - restartPolicy: OnFailure diff --git a/charts/paperlessngx-ftp-bridge/templates/deployment.yaml b/charts/paperlessngx-ftp-bridge/templates/deployment.yaml new file mode 100644 index 0000000..6010c3a --- /dev/null +++ b/charts/paperlessngx-ftp-bridge/templates/deployment.yaml 
@@ -0,0 +1,49 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: "{{ include "plngxftpbridge.fullname" . }}" + labels: + {{- include "plngxftpbridge.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "plngxftpbridge.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "plngxftpbridge.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + containers: + - name: backup + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "v%s" .Chart.Version) }}" + env: + - name: INTERVAL_SECONDS + value: "{{ .Values.interval }}" + - name: FTP_HOST + value: "{{ .Values.ftp.host }}" + - name: FTP_USERNAME + value: "{{ .Values.ftp.user }}" + - name: FTP_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "plngxftpbridge.fullname" . }} + key: ftp-password + - name: FTP_PATH + value: "{{ .Values.ftp.path }}" + - name: PAPERLESS_URL + value: "{{ .Values.paperless.url }}" + - name: PAPERLESS_USER + value: "{{ .Values.paperless.username }}" + - name: PAPERLESS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "plngxftpbridge.fullname" . }} + key: paperless-password + restartPolicy: Always diff --git a/charts/paperlessngx-ftp-bridge/values.yaml b/charts/paperlessngx-ftp-bridge/values.yaml index 5bbfae9..e73836d 100644 --- a/charts/paperlessngx-ftp-bridge/values.yaml +++ b/charts/paperlessngx-ftp-bridge/values.yaml @@ -1,8 +1,9 @@ # schedule to check for new documents every 5 minutes -cron: "*/5 * * * *" +interval: 300 # ftp configuration where to fetch the documents ftp: + # e.g. ftp.example.org:21 host: "" user: "" password: "" @@ -11,7 +12,7 @@ ftp: # paperless-ngx configuration to send documents to paperless: # url with protocol but no API endpoint - url: "http://localhost:8000" + url: "http://paperless-ngx:8000" username: "" password: "" 
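Review bot: The `backup` container in the new Deployment has no `securityContext`, so it runs with the runtime's default privileges although the bridge only needs outbound FTP and HTTP connections. A restrictive container `securityContext` limits what a compromised bridge process can do inside the pod. `readOnlyRootFilesystem` assumes the bridge writes nothing to disk, which the Go code in this patch suggests but should be confirmed. `runAsNonRoot: true` is worth adding too if the image sets a non-root user, which this patch does not show.

```yaml
      containers:
        - name: backup
          # … unchanged: image, env …
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
```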
@@ -20,8 +21,9 @@ image: repository: ghcr.io/taskmedia/paperlessngx-ftp-bridge-image tag: "" -# timeout for the job to complete backup -activeDeadlineSeconds: 60 - -# Retain pods for 1 day after job completion -ttlSecondsAfterFinished: 86400 +# This is for setting Kubernetes Annotations to a Pod. +# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +podAnnotations: {} +# This is for setting Kubernetes Labels to a Pod. +# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +podLabels: {} diff --git a/ftp-paperless-bridge.go b/ftp-paperless-bridge.go index 2cf0604..0174c59 100644 --- a/ftp-paperless-bridge.go +++ b/ftp-paperless-bridge.go 
@@ -6,105 +6,157 @@ import ( "log" "os" "path/filepath" + "strconv" "time" "github.com/go-resty/resty/v2" "github.com/jlaffaye/ftp" ) +type Config struct { + ftpHost string + ftpUsername string + ftpPassword string + ftpPath string + paperlessURL string + paperlessUser string + paperlessPassword string + paperlessApiURL string + interval time.Duration +} + func main() { - // Read configuration from environment variables - ftpHost := os.Getenv("FTP_HOST") - ftpUsername := os.Getenv("FTP_USERNAME") - ftpPassword := os.Getenv("FTP_PASSWORD") - ftpPath := os.Getenv("FTP_PATH") - paperlessUrl := os.Getenv("PAPERLESS_URL") - paperlessUser := os.Getenv("PAPERLESS_USER") - paperlessPassword := os.Getenv("PAPERLESS_PASSWORD") - paperlessApiUrl := paperlessUrl + "/api/documents/post_document/" - - if ftpHost == "" || ftpUsername == "" || ftpPassword == "" || paperlessUrl == "" || paperlessUser == "" || paperlessPassword == "" { - log.Fatalf("One or more required environment variables are missing") + config := loadConfig() + log.Println("Starting FTP-Paperless bridge...") + + ticker := time.NewTicker(config.interval) + defer ticker.Stop() + + for ; true; <-ticker.C { + handle(config) } +} +func handle(config Config) { // Establish FTP connection with explicit SSL/TLS - conn, err := ftp.Dial(ftpHost, ftp.DialWithTimeout(5*time.Second), ftp.DialWithExplicitTLS(&tls.Config{ - InsecureSkipVerify: true, - })) + conn, err := ftp.Dial( + config.ftpHost, + ftp.DialWithTimeout(5*time.Second), + ftp.DialWithExplicitTLS(&tls.Config{ + InsecureSkipVerify: true, + })) if err != nil { - log.Fatalf("Failed to connect to FTP server: %v", err) + log.Printf("Failed to connect to FTP server: %v\n", err) + return } defer func() { if err := conn.Quit(); err != nil { - log.Printf("Failed to close FTP connection: %v", err) + log.Printf("Failed to close FTP connection: %v\n", err) } }() // Login to FTP server - err = conn.Login(ftpUsername, ftpPassword) + err = conn.Login(config.ftpUsername, 
config.ftpPassword) if err != nil { - log.Fatalf("Failed to login to FTP server: %v", err) + log.Printf("Failed to login to FTP server: %v\n", err) + return } // List files in the FTP server root directory - entries, err := conn.List(ftpPath) + entries, err := conn.List(config.ftpPath) if err != nil { - log.Fatalf("Failed to list files on FTP server: %v", err) + log.Printf("Failed to list files on FTP server: %v\n", err) + return } - // Create a Resty client - client := resty.New() - // Iterate over the files and process .pdf files for _, entry := range entries { - if entry.Type != ftp.EntryTypeFile || filepath.Ext(entry.Name) != ".pdf" { - log.Printf("Skipping file: %s", entry.Name) - continue - } - log.Printf("Detected PDF file: %s", entry.Name) + processFile(conn, entry, config) + } - // Download the file from FTP server - resp, err := conn.Retr(entry.Name) - if err != nil { - log.Printf("Failed to retrieve file %s: %v", entry.Name, err) - continue - } + log.Println("All files processed. Exiting.") +} - buf := new(bytes.Buffer) - _, err = buf.ReadFrom(resp) - if err != nil { - log.Printf("Failed to read file %s: %v", entry.Name, err) - continue - } - resp.Close() +func processFile(conn *ftp.ServerConn, entry *ftp.Entry, config Config) { + if entry.Type != ftp.EntryTypeFile || filepath.Ext(entry.Name) != ".pdf" { + log.Printf("Skipping file: %s", entry.Name) + return + } + log.Printf("Detected PDF file: %s", entry.Name) - // Upload the file to the Paperless-ngx API - apiResp, err := client.R(). - SetBasicAuth(paperlessUser, paperlessPassword). - SetFileReader("document", entry.Name, buf). 
- Post(paperlessApiUrl) + // Download the file from FTP server + resp, err := conn.Retr(entry.Name) + if err != nil { + log.Printf("Failed to retrieve file %s: %v", entry.Name, err) + return + } - if err != nil { - log.Printf("Failed to upload file %s to API: %v", entry.Name, err) - continue - } + buf := new(bytes.Buffer) + _, err = buf.ReadFrom(resp) + if err != nil { + log.Printf("Failed to read file %s: %v", entry.Name, err) + return + } + resp.Close() - if apiResp.IsError() { - log.Printf("API returned an error for file %s: %s", entry.Name, apiResp.Status()) - continue - } + // Create a Resty client + client := resty.New() + + // Upload the file to the Paperless-ngx API + apiResp, err := client.R(). + SetBasicAuth(config.paperlessUser, config.paperlessPassword). + SetFileReader("document", entry.Name, buf). + Post(config.paperlessApiURL) + + if err != nil { + log.Printf("Failed to upload file %s to API: %v", entry.Name, err) + return + } + + if apiResp.IsError() { + log.Printf("API returned an error for file %s: %s", entry.Name, apiResp.Status()) + return + } - log.Printf("Successfully uploaded file %s to API", entry.Name) + log.Printf("Successfully uploaded file %s to API", entry.Name) - // Delete the file from FTP server - err = conn.Delete(entry.Name) + // Delete the file from FTP server + err = conn.Delete(entry.Name) + if err != nil { + log.Printf("Failed to delete file %s from FTP server: %v", entry.Name, err) + return + } + + log.Printf("Successfully deleted file %s from FTP server", entry.Name) +} + +func loadConfig() Config { + intervalStr := os.Getenv("INTERVAL_SECONDS") + interval := 5 * time.Minute + if intervalStr != "" { + var err error + intervalInt, err := strconv.Atoi(intervalStr) if err != nil { - log.Printf("Failed to delete file %s from FTP server: %v", entry.Name, err) - continue + log.Fatalf("Invalid INTERVAL_SECONDS value: %v", err) } + interval = time.Duration(intervalInt) * time.Second + } - log.Printf("Successfully deleted file %s from 
FTP server", entry.Name) + config := Config{ + ftpHost: os.Getenv("FTP_HOST"), + ftpUsername: os.Getenv("FTP_USERNAME"), + ftpPassword: os.Getenv("FTP_PASSWORD"), + ftpPath: os.Getenv("FTP_PATH"), + paperlessURL: os.Getenv("PAPERLESS_URL"), + paperlessUser: os.Getenv("PAPERLESS_USER"), + paperlessPassword: os.Getenv("PAPERLESS_PASSWORD"), + paperlessApiURL: os.Getenv("PAPERLESS_URL") + "/api/documents/post_document/", + interval: interval, } - log.Println("All files processed. Exiting.") + if config.ftpHost == "" || config.ftpUsername == "" || config.ftpPassword == "" || config.paperlessURL == "" || config.paperlessUser == "" || config.paperlessPassword == "" { + log.Fatalf("One or more required environment variables are missing") + } + + return config } From ec54ba1a8e8afee44b4a063bb85556dcc6160a98 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Wed, 30 Oct 2024 19:28:36 +0100 Subject: [PATCH 215/291] chore(ci): disable ct install testing (#12) Not working if chart can not be started when no working configuration (e.g. FTP) is provided. --- .github/workflows/test-helm.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test-helm.yaml b/.github/workflows/test-helm.yaml index ff1eb1c..c035d7f 100644 --- a/.github/workflows/test-helm.yaml +++ b/.github/workflows/test-helm.yaml @@ -46,6 +46,6 @@ jobs: uses: helm/kind-action@v1.10.0 if: steps.list-changed.outputs.changed == 'true' - - name: Run chart-testing (install) - if: steps.list-changed.outputs.changed == 'true' - run: ct install --all --chart-dirs charts + # - name: Run chart-testing (install) + # if: steps.list-changed.outputs.changed == 'true' + # run: ct install --all --chart-dirs charts From 1ac41de081a249c8adbc8ae52311fd2749c3ebdd Mon Sep 17 00:00:00 2001 
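Review bot: Certificate verification is switched off for the FTP connection in `handle()` (`InsecureSkipVerify: true` in the `tls.Config` passed to `ftp.DialWithExplicitTLS`), so the TLS session does not authenticate the server, and the credentials sent by `conn.Login` and every retrieved document are exposed to anyone positioned between the pod and the FTP host. The setting is carried over from the removed `main()` body, but this refactor is a good place to verify by default and make skipping an explicit opt-in; `readinessProbe` in `health.go` (PATCH 224) dials with the same config. Verification likely needs an explicit `ServerName`, which can be taken from `FTP_HOST` with `net.SplitHostPort` (this adds a `net` import). A self-signed server certificate can be supported by loading its CA into `RootCAs` rather than disabling verification.

```go
func handle(config Config) {
	host, _, err := net.SplitHostPort(config.ftpHost)
	if err != nil {
		log.Printf("Invalid FTP_HOST %q: %v\n", config.ftpHost, err)
		return
	}

	// Establish FTP connection with explicit SSL/TLS, verifying the server certificate
	conn, err := ftp.Dial(
		config.ftpHost,
		ftp.DialWithTimeout(5*time.Second),
		ftp.DialWithExplicitTLS(&tls.Config{
			ServerName: host,
			MinVersion: tls.VersionTLS12,
		}))
	// … unchanged: error handling, deferred Quit, login, listing, per-file processing …
```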
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 30 Oct 2024 19:29:17 +0100 Subject: [PATCH 216/291] chore(deps): bump stefanzweifel/git-auto-commit-action from 4 to 5 (#11) Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) from 4 to 5. - [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases) - [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/stefanzweifel/git-auto-commit-action/compare/v4...v5) --- updated-dependencies: - dependency-name: stefanzweifel/git-auto-commit-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index a93dc0b..74f34bb 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -18,7 +18,7 @@ jobs: run: yq -i ".version = \"$(echo ${TAG_NAME:1})\"" charts/paperlessngx-ftp-bridge/Chart.yaml - name: commit version bump - uses: stefanzweifel/git-auto-commit-action@v4 + uses: stefanzweifel/git-auto-commit-action@v5 with: branch: main commit_message: "chore(release): update version to ${{ github.event.release.tag_name }}" From 049c3b58bce7023a86b9f6fe6c64b9b73c46075c Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Wed, 30 Oct 2024 19:32:42 +0100 Subject: [PATCH 217/291] chore: rename repo without helm prefix (#13) --- .github/workflows/release.yaml | 6 +++--- Dockerfile | 4 ++-- charts/paperlessngx-ftp-bridge/Chart.yaml | 2 +- go.mod | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 74f34bb..2b3c618 100644 
--- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -5,7 +5,7 @@ on: jobs: version-bump: runs-on: ubuntu-latest - if: github.repository == 'taskmedia/helm_paperlessngx-ftp-bridge' + if: github.repository == 'taskmedia/paperlessngx-ftp-bridge' steps: - name: Checkout uses: actions/checkout@v4 @@ -40,7 +40,7 @@ jobs: build-image: needs: version-bump runs-on: ubuntu-latest - if: github.repository == 'taskmedia/helm_paperlessngx-ftp-bridge' + if: github.repository == 'taskmedia/paperlessngx-ftp-bridge' permissions: contents: read packages: write @@ -143,7 +143,7 @@ jobs: helm-build-and-deploy: needs: build-image runs-on: ubuntu-latest - if: github.repository == 'taskmedia/helm_paperlessngx-ftp-bridge' + if: github.repository == 'taskmedia/paperlessngx-ftp-bridge' steps: - name: Checkout uses: actions/checkout@v4 diff --git a/Dockerfile b/Dockerfile index c1e6dd6..d1801dd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,8 +12,8 @@ FROM scratch # see: https://github.com/opencontainers/image-spec/blob/main/annotations.md#pre-defined-annotation-keys LABEL org.opencontainers.image.title=paperless-ftp-bridge LABEL org.opencontainers.image.description="uploads files to a paperless-ng instance via FTP" -LABEL org.opencontainers.image.url=https://github.com/taskmedia/helm_paperlessngx-ftp-bridge/pkgs/container/paperless-ftp-bridge -LABEL org.opencontainers.image.source=https://github.com/taskmedia/helm_paperlessngx-ftp-bridge/blob/main/Dockerfile +LABEL org.opencontainers.image.url=https://github.com/taskmedia/paperlessngx-ftp-bridge/pkgs/container/paperless-ftp-bridge +LABEL org.opencontainers.image.source=https://github.com/taskmedia/paperlessngx-ftp-bridge/blob/main/Dockerfile LABEL org.opencontainers.image.vendor=task.media LABEL org.opencontainers.image.licenses=MIT diff --git a/charts/paperlessngx-ftp-bridge/Chart.yaml b/charts/paperlessngx-ftp-bridge/Chart.yaml index 6300996..49028fb 100644 --- a/charts/paperlessngx-ftp-bridge/Chart.yaml 
+++ b/charts/paperlessngx-ftp-bridge/Chart.yaml @@ -11,7 +11,7 @@ maintainers: - name: fty4 url: https://github.com/fty4 sources: - - https://github.com/taskmedia/helm_paperlessngx-ftp-bridge + - https://github.com/taskmedia/paperlessngx-ftp-bridge - https://github.com/taskmedia/helm icon: https://media.task.media/images/logo.png type: application diff --git a/go.mod b/go.mod index 0653bcc..7668cfb 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/taskmedia/helm_paperlessngx-ftp-bridge +module github.com/taskmedia/paperlessngx-ftp-bridge go 1.23.1 From 373feff8e0e530f5c36d153d7c0fbefd83951c4f Mon Sep 17 00:00:00 2001 From: fty4 Date: Wed, 30 Oct 2024 18:33:14 +0000 Subject: [PATCH 218/291] chore(release): update version to v1.0.0 --- charts/paperlessngx-ftp-bridge/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/paperlessngx-ftp-bridge/Chart.yaml b/charts/paperlessngx-ftp-bridge/Chart.yaml index 49028fb..d2d0aa3 100644 --- a/charts/paperlessngx-ftp-bridge/Chart.yaml +++ b/charts/paperlessngx-ftp-bridge/Chart.yaml @@ -15,4 +15,4 @@ sources: - https://github.com/taskmedia/helm icon: https://media.task.media/images/logo.png type: application -version: 0.1.6 +version: 1.0.0 From 9f773edca336c7e0c1ca7a4d719ca63ca0a60b55 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Thu, 31 Oct 2024 10:12:50 +0100 Subject: [PATCH 219/291] feat: add logLevel (#14) * chore: add slog logging * feat: set log level via env * chore: add logLevel to chart * chore(lint): fix lint error slog.Attr slog: slog.Error arg 'err' should be a string or a slog.Attr (possible missing key or value) (govet) --- .../templates/deployment.yaml | 2 + charts/paperlessngx-ftp-bridge/values.yaml | 3 + ftp-paperless-bridge.go | 66 +++++++++++++------ 3 files changed, 52 insertions(+), 19 deletions(-) diff --git a/charts/paperlessngx-ftp-bridge/templates/deployment.yaml b/charts/paperlessngx-ftp-bridge/templates/deployment.yaml index 6010c3a..3fe7998 100644 
--- a/charts/paperlessngx-ftp-bridge/templates/deployment.yaml +++ b/charts/paperlessngx-ftp-bridge/templates/deployment.yaml @@ -24,6 +24,8 @@ spec: - name: backup image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "v%s" .Chart.Version) }}" env: + - name: LOG_LEVEL + value: "{{ .Values.logLevel }}" - name: INTERVAL_SECONDS value: "{{ .Values.interval }}" - name: FTP_HOST diff --git a/charts/paperlessngx-ftp-bridge/values.yaml b/charts/paperlessngx-ftp-bridge/values.yaml index e73836d..fe33d19 100644 --- a/charts/paperlessngx-ftp-bridge/values.yaml +++ b/charts/paperlessngx-ftp-bridge/values.yaml @@ -1,3 +1,6 @@ +# logLevel for the bridge - DEBUG, INFO, WARNING, ERROR +logLevel: INFO + # schedule to check for new documents every 5 minutes interval: 300 diff --git a/ftp-paperless-bridge.go b/ftp-paperless-bridge.go index 0174c59..9948a71 100644 --- a/ftp-paperless-bridge.go +++ b/ftp-paperless-bridge.go @@ -3,10 +3,11 @@ package main import ( "bytes" "crypto/tls" - "log" + log "log/slog" "os" "path/filepath" "strconv" + "strings" "time" "github.com/go-resty/resty/v2" @@ -26,8 +27,10 @@ type Config struct { } func main() { + setLogLevel() + + log.Info("Starting FTP-Paperless bridge...") config := loadConfig() - log.Println("Starting FTP-Paperless bridge...") ticker := time.NewTicker(config.interval) defer ticker.Stop() @@ -38,6 +41,8 @@ func main() { } func handle(config Config) { + log.Debug("Starting file processing...") + // Establish FTP connection with explicit SSL/TLS conn, err := ftp.Dial( config.ftpHost, 
@@ -46,26 +51,26 @@ func handle(config Config) { InsecureSkipVerify: true, })) if err != nil { - log.Printf("Failed to connect to FTP server: %v\n", err) + log.Warn("Failed to connect to FTP server", "error", err) return } defer func() { if err := conn.Quit(); err != nil { - log.Printf("Failed to close FTP connection: %v\n", err) + log.Warn("Failed to close FTP connection", "error", err) } }() // Login to FTP server err = conn.Login(config.ftpUsername, config.ftpPassword) if err != nil { - log.Printf("Failed to login to FTP server: %v\n", err) + log.Warn("Failed to login to FTP server", "error", err) return } // List files in the FTP server root directory entries, err := conn.List(config.ftpPath) if err != nil { - log.Printf("Failed to list files on FTP server: %v\n", err) + log.Warn("Failed to list files on FTP server", "error", err) return } @@ -74,27 +79,27 @@ func handle(config Config) { processFile(conn, entry, config) } - log.Println("All files processed. Exiting.") + log.Debug("All files processed. Exiting.") } func processFile(conn *ftp.ServerConn, entry *ftp.Entry, config Config) { if entry.Type != ftp.EntryTypeFile || filepath.Ext(entry.Name) != ".pdf" { - log.Printf("Skipping file: %s", entry.Name) + log.Debug("Skipping file", "fileName", entry.Name) return } - log.Printf("Detected PDF file: %s", entry.Name) + log.Debug("Detected PDF file", "fileName", entry.Name) // Download the file from FTP server resp, err := conn.Retr(entry.Name) if err != nil { - log.Printf("Failed to retrieve file %s: %v", entry.Name, err) + log.Warn("Failed to retrieve file %s: %v", entry.Name, err) return } buf := new(bytes.Buffer) _, err = buf.ReadFrom(resp) if err != nil { - log.Printf("Failed to read file %s: %v", entry.Name, err) + log.Warn("Failed to read file %s: %v", entry.Name, err) return } resp.Close() 
@@ -109,25 +114,25 @@ func processFile(conn *ftp.ServerConn, entry *ftp.Entry, config Config) { Post(config.paperlessApiURL) if err != nil { - log.Printf("Failed to upload file %s to API: %v", entry.Name, err) + log.Warn("Failed to upload file %s to API: %v", entry.Name, err) return } if apiResp.IsError() { - log.Printf("API returned an error for file %s: %s", entry.Name, apiResp.Status()) + log.Warn("API returned an error for file %s: %s", entry.Name, apiResp.Status()) return } - - log.Printf("Successfully uploaded file %s to API", entry.Name) + log.Debug("Successfully uploaded file to API", "fileName", entry.Name) // Delete the file from FTP server err = conn.Delete(entry.Name) if err != nil { - log.Printf("Failed to delete file %s from FTP server: %v", entry.Name, err) + log.Error("Failed to delete file %s from FTP server: %v", entry.Name, err) return } + log.Debug("Successfully deleted file from FTP server", "fileName", entry.Name) - log.Printf("Successfully deleted file %s from FTP server", entry.Name) + log.Info("Successfully processed file", "fileName", entry.Name) } func loadConfig() Config { @@ -137,7 +142,8 @@ func loadConfig() Config { var err error intervalInt, err := strconv.Atoi(intervalStr) if err != nil { - log.Fatalf("Invalid INTERVAL_SECONDS value: %v", err) + log.Error("Invalid INTERVAL_SECONDS value", "error", err) + os.Exit(1) } interval = time.Duration(intervalInt) * time.Second } 
@@ -155,8 +161,30 @@ func loadConfig() Config { } if config.ftpHost == "" || config.ftpUsername == "" || config.ftpPassword == "" || config.paperlessURL == "" || config.paperlessUser == "" || config.paperlessPassword == "" { - log.Fatalf("One or more required environment variables are missing") + log.Error("One or more required environment variables are missing") + os.Exit(1) } return config } + +func setLogLevel() { + logLevel := os.Getenv("LOG_LEVEL") + if logLevel == "" { + logLevel = "ERROR" + } + logLevel = strings.ToUpper(logLevel) + + switch logLevel { + case "DEBUG": + log.SetLogLoggerLevel(log.LevelDebug) + case "INFO": + log.SetLogLoggerLevel(log.LevelInfo) + case "WARN": + log.SetLogLoggerLevel(log.LevelWarn) + case "ERROR": + log.SetLogLoggerLevel(log.LevelError) + default: + log.SetLogLoggerLevel(log.LevelInfo) + } +} From 2f98f53ac7a99bd7a3d1ed68d3390a3a666e1983 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Thu, 31 Oct 2024 11:00:09 +0100 Subject: [PATCH 220/291] chore(lint): use attrib for logging when possible (#15) --- ftp-paperless-bridge.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ftp-paperless-bridge.go b/ftp-paperless-bridge.go index 9948a71..1ff6c6d 100644 --- a/ftp-paperless-bridge.go +++ b/ftp-paperless-bridge.go @@ -92,14 +92,14 @@ func processFile(conn *ftp.ServerConn, entry *ftp.Entry, config Config) { // Download the file from FTP server resp, err := conn.Retr(entry.Name) if err != nil { - log.Warn("Failed to retrieve file %s: %v", entry.Name, err) + log.Warn("Failed to retrieve file", "fileName", entry.Name, "error", err) return } buf := new(bytes.Buffer) _, err = buf.ReadFrom(resp) if err != nil { - log.Warn("Failed to read file %s: %v", entry.Name, err) + log.Warn("Failed to read file", "fileName", entry.Name, "error", err) return } resp.Close() 
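Review bot: `setLogLevel()` matches only `WARN`, while the comment added to `values.yaml` in this commit lists `WARNING` as a valid value, so `logLevel: WARNING` falls through to `default` and the bridge logs at INFO. Accepting both spellings with `case "WARN", "WARNING":` (or correcting the values comment) removes the mismatch. The two fallbacks also disagree: an unset `LOG_LEVEL` selects ERROR, which hides the `Starting FTP-Paperless bridge...` line, whereas an unrecognised value selects INFO. Choosing one default and logging a warning for unknown values would make a misconfigured level visible.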
@@ -114,12 +114,12 @@ func processFile(conn *ftp.ServerConn, entry *ftp.Entry, config Config) { Post(config.paperlessApiURL) if err != nil { - log.Warn("Failed to upload file %s to API: %v", entry.Name, err) + log.Warn("Failed to upload file to API", "fileName", entry.Name, "error", err) return } if apiResp.IsError() { - log.Warn("API returned an error for file %s: %s", entry.Name, apiResp.Status()) + log.Warn("API returned an error for file", "fileName", entry.Name, "status", apiResp.Status()) return } log.Debug("Successfully uploaded file to API", "fileName", entry.Name) @@ -127,7 +127,7 @@ func processFile(conn *ftp.ServerConn, entry *ftp.Entry, config Config) { // Delete the file from FTP server err = conn.Delete(entry.Name) if err != nil { - log.Error("Failed to delete file %s from FTP server: %v", entry.Name, err) + log.Error("Failed to delete file from FTP server", "fileName", entry.Name, "error", err) return } log.Debug("Successfully deleted file from FTP server", "fileName", entry.Name) From 852cf3fcd7f06895ad85dc7c74a7537468af86ac Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Nov 2024 19:13:12 +0100 Subject: [PATCH 221/291] chore(deps): bump stefanzweifel/git-auto-commit-action from 4 to 5 (#11) Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) from 4 to 5. - [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases) - [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/stefanzweifel/git-auto-commit-action/compare/v4...v5) --- updated-dependencies: - dependency-name: stefanzweifel/git-auto-commit-action dependency-type: direct:production update-type: version-update:semver-major ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 0d12faf..2159f35 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -22,7 +22,7 @@ jobs: run: yq -i ".version = \"$(echo ${TAG_NAME:1})\"" charts/paperlessngx-backup/Chart.yaml - name: commit version bump - uses: stefanzweifel/git-auto-commit-action@v4 + uses: stefanzweifel/git-auto-commit-action@v5 with: branch: main commit_message: "chore(release): update version to ${{ github.event.release.tag_name }}" From f0163f3f7a1009c9d8002c40a35f61a412f7bae7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Nov 2024 19:14:12 +0100 Subject: [PATCH 222/291] chore(deps): bump stefanzweifel/git-auto-commit-action from 4 to 5 (#31) Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) from 4 to 5. - [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases) - [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/stefanzweifel/git-auto-commit-action/compare/v4...v5) --- updated-dependencies: - dependency-name: stefanzweifel/git-auto-commit-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 7d5bd09..6932694 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
@@ -22,7 +22,7 @@ jobs: run: yq -i ".version = \"$(echo ${TAG_NAME:1})\"" charts/ipsec-vpn-server/Chart.yaml - name: commit version bump - uses: stefanzweifel/git-auto-commit-action@v4 + uses: stefanzweifel/git-auto-commit-action@v5 with: branch: main commit_message: "chore(release): update version to ${{ github.event.release.tag_name }}" From db73937635219e5282110473293feb2988c77222 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Nov 2024 19:14:49 +0100 Subject: [PATCH 223/291] chore(deps): bump helm/kind-action from 1.4.0 to 1.10.0 (#30) Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.4.0 to 1.10.0. - [Release notes](https://github.com/helm/kind-action/releases) - [Commits](https://github.com/helm/kind-action/compare/v1.4.0...v1.10.0) --- updated-dependencies: - dependency-name: helm/kind-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 9dad2d8..9834185 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -40,7 +40,7 @@ jobs: --target-branch ${{ github.event.repository.default_branch }} - name: Create kind cluster - uses: helm/kind-action@v1.4.0 + uses: helm/kind-action@v1.10.0 if: steps.list-changed.outputs.changed == 'true' - name: Run chart-testing (install) From c9bd88e84d386d230a1e8f4b6e7ff536652eaf34 Mon Sep 17 00:00:00 2001 
From: Marco Lecheler Date: Sun, 3 Nov 2024 12:40:52 +0100 Subject: [PATCH 224/291] feat: health check (#16) * chore: return success in handle func * feat: check readiness (ftp, paperless-ngx) * feat: add health check * feat: use percentage for healthy check Allows to set a percentage (50% - 0.5) to determ if service is healthy * chore: rework unhealthyPercentage calculation * chore(test): add health test for isHealthy() * chore: add liveness probe to chart * chore: add health log messages * feat: add login test to readiness probe * chore: ensure credentials are correct for paperless Will return 405 - method (GET) not allowed which will determ credentials are correct. * chore(lint): add quitFTPConnection func Error return value of `conn.Quit` is not checked (errcheck) --- .../templates/deployment.yaml | 6 + ftp-paperless-bridge.go | 33 ++++-- health.go | 109 ++++++++++++++++++ health_test.go | 53 +++++++++ 4 files changed, 191 insertions(+), 10 deletions(-) create mode 100644 health.go create mode 100644 health_test.go diff --git a/charts/paperlessngx-ftp-bridge/templates/deployment.yaml b/charts/paperlessngx-ftp-bridge/templates/deployment.yaml index 3fe7998..077707e 100644 --- a/charts/paperlessngx-ftp-bridge/templates/deployment.yaml +++ b/charts/paperlessngx-ftp-bridge/templates/deployment.yaml @@ -48,4 +48,10 @@ spec: secretKeyRef: name: {{ include "plngxftpbridge.fullname" . }} key: paperless-password + livenessProbe: + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 30 + periodSeconds: {{ .Values.interval }} restartPolicy: Always diff --git a/ftp-paperless-bridge.go b/ftp-paperless-bridge.go index 1ff6c6d..cfc7e91 100644 --- a/ftp-paperless-bridge.go +++ b/ftp-paperless-bridge.go 
@@ -32,15 +32,25 @@ func main() { log.Info("Starting FTP-Paperless bridge...") config := loadConfig() + // Start health check server + go startHealthCheckServer() + + // check readiness + if !readinessProbe(config) { + log.Error("Initial readiness probe failed") + os.Exit(1) + } + ticker := time.NewTicker(config.interval) defer ticker.Stop() for ; true; <-ticker.C { - handle(config) + success := handle(config) + updateLastResults(success) } } -func handle(config Config) { +func handle(config Config) bool { log.Debug("Starting file processing...") // Establish FTP connection with explicit SSL/TLS @@ -52,26 +62,22 @@ func handle(config Config) { })) if err != nil { log.Warn("Failed to connect to FTP server", "error", err) - return + return false } - defer func() { - if err := conn.Quit(); err != nil { - log.Warn("Failed to close FTP connection", "error", err) - } - }() + defer quitFTPConnection(conn) // Login to FTP server err = conn.Login(config.ftpUsername, config.ftpPassword) if err != nil { log.Warn("Failed to login to FTP server", "error", err) - return + return false } // List files in the FTP server root directory entries, err := conn.List(config.ftpPath) if err != nil { log.Warn("Failed to list files on FTP server", "error", err) - return + return false } // Iterate over the files and process .pdf files @@ -80,6 +86,7 @@ func handle(config Config) { } log.Debug("All files processed. Exiting.") + return true } func processFile(conn *ftp.ServerConn, entry *ftp.Entry, config Config) { @@ -188,3 +195,9 @@ func setLogLevel() { log.SetLogLoggerLevel(log.LevelInfo) } } + +func quitFTPConnection(conn *ftp.ServerConn) { + if err := conn.Quit(); err != nil { + log.Warn("Failed to close FTP connection", "error", err) + } +} diff --git a/health.go b/health.go new file mode 100644 index 0000000..9c9655e --- /dev/null +++ b/health.go 
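Review bot: `handle()` now returns `true` whenever the FTP listing succeeds, because `processFile` has no return value, so upload or delete failures inside `processFile` never reach `updateLastResults` and `/healthz` keeps reporting OK while no document arrives in Paperless. Having `processFile` return an error and folding it into the result, e.g. `if err := processFile(conn, entry, config); err != nil { ok = false }` followed by `return ok`, would let the health window reflect those failures. Whether a single failing file should count as an unhealthy cycle is a policy choice worth stating in a comment. Both functions start and end outside these hunks.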
@@ -0,0 +1,109 @@ +package main + +import ( + "crypto/tls" + "fmt" + log "log/slog" + "math" + "net/http" + "sync" + "time" + + "github.com/go-resty/resty/v2" + "github.com/jlaffaye/ftp" +) + +const ( + // allowed percentage of unhealthy results in last n results + unhealthyPercentage = 0.5 + evaluatedResults = 10 +) + +var ( + lastResults = make([]bool, evaluatedResults) + lastResultsIndex = 0 + lastResultsMutex sync.Mutex + threshold = int(math.Floor(float64(evaluatedResults) * unhealthyPercentage)) +) + +func init() { + // start with last results all true to avoid false health check + for i := range lastResults { + lastResults[i] = true + } +} + +func startHealthCheckServer() { + http.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) { + if isHealthy() { + log.Debug("Health check passed") + w.WriteHeader(http.StatusOK) + fmt.Fprintln(w, "OK") + } else { + log.Warn("Health check failed") + w.WriteHeader(http.StatusInternalServerError) + fmt.Fprintln(w, "NOT OK") + } + }) + + log.Info("Starting health check server on :8080/healthz") + if err := http.ListenAndServe(":8080", nil); err != nil { + log.Error("Failed to start health check server", "error", err) + } +} + +func readinessProbe(config Config) bool { + // Check FTP server + conn, err := ftp.Dial( + config.ftpHost, + ftp.DialWithTimeout(5*time.Second), + ftp.DialWithExplicitTLS(&tls.Config{ + InsecureSkipVerify: true, + })) + if err != nil { + log.Error("Failed to connect to FTP server during readiness probe", "error", err) + return false + } + defer quitFTPConnection(conn) + + // Attempt to log in to the FTP server + err = conn.Login(config.ftpUsername, config.ftpPassword) + if err != nil { + log.Error("Failed to login to FTP server during readiness probe", "error", err) + return false + } + + // Check Paperless server + client := resty.New() + resp, err := client.R(). + SetBasicAuth(config.paperlessUser, config.paperlessPassword). 
+ Get(config.paperlessApiURL) + if err != nil || (resp.StatusCode() != 405 && resp.IsError()) { + log.Error("Failed to connect to Paperless server during readiness probe", "error", err) + return false + } + + return true +} + +func updateLastResults(success bool) { + lastResultsMutex.Lock() + defer lastResultsMutex.Unlock() + + lastResults[lastResultsIndex] = success + lastResultsIndex = (lastResultsIndex + 1) % evaluatedResults +} + +func isHealthy() bool { + lastResultsMutex.Lock() + defer lastResultsMutex.Unlock() + + falseCount := 0 + for _, result := range lastResults { + if !result { + falseCount++ + } + } + + return falseCount <= threshold +} diff --git a/health_test.go b/health_test.go new file mode 100644 index 0000000..f349823 --- /dev/null +++ b/health_test.go @@ -0,0 +1,53 @@ +package main + +import "testing" + +func TestIsHealthy(t *testing.T) { + tests := []struct { + desc string + results []bool + expected bool + }{ + { + desc: "All true", + results: []bool{true, true, true, true, true, true, true, true, true, true}, + expected: true, + }, + { + desc: "One false", + results: []bool{true, true, true, true, true, true, true, true, true, false}, + expected: true, + }, + { + desc: "Two false", + results: []bool{true, true, true, true, true, true, true, true, false, false}, + expected: true, + }, + { + desc: "Five false", + results: []bool{true, true, true, true, true, false, false, false, false, false}, + expected: true, + }, + { + desc: "Six false", + results: []bool{true, true, true, true, false, false, false, false, false, false}, + expected: false, + }, + { + desc: "All false", + results: []bool{false, false, false, false, false, false, false, false, false, false}, + expected: false, + }, + } + + for _, tt := range tests { + t.Run(tt.desc, func(t *testing.T) { + lastResults = tt.results + + actual := isHealthy() + if actual != tt.expected { + t.Errorf("isHealthy() = %v, want %v", actual, tt.expected) + } + }) + } +} 
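Review bot: `readinessProbe` dials FTP with `InsecureSkipVerify: true` and then calls `conn.Login(config.ftpUsername, config.ftpPassword)`, so the password travels over a TLS session whose server certificate was never checked and the encryption gives no assurance about who is on the other end. Verification should be the default, for example `ftp.DialWithExplicitTLS(&tls.Config{ServerName: ftpServerName, MinVersion: tls.VersionTLS12})`, where `ftpServerName` is a placeholder for the host part of `config.ftpHost`, with skipping available only behind an explicit opt-in setting for self-signed test servers. The TLS settings used by `handle()` are not visible in this patch; if they match, the same change applies there. Separately, the Paperless branch logs `"error", err` even when `err` is nil and only the status code failed, so adding `"status", resp.StatusCode()` to that log call would make probe failures diagnosable.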
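Review bot: The table test in health_test.go overwrites the package-level slice with `lastResults = tt.results` and never restores it, so any test that runs later in the package inherits the final case's all-false window. Saving the slice before the loop and restoring it with `t.Cleanup(func() { lastResults = saved })` keeps the tests independent. `updateLastResults`, including the index wrap-around at `evaluatedResults`, has no test in this file.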
From c563d9054e3b6e60239afdca810999faa0763508 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Mon, 4 Nov 2024 09:46:04 +0100 Subject: [PATCH 225/291] feat!:use cron to define interval (#17) * feat!:use cron to define interval * chore(go): tidy cron dep --- .../templates/deployment.yaml | 4 +-- charts/paperlessngx-ftp-bridge/values.yaml | 2 +- ftp-paperless-bridge.go | 35 +++++++++++-------- go.mod | 1 + go.sum | 2 ++ 5 files changed, 26 insertions(+), 18 deletions(-) diff --git a/charts/paperlessngx-ftp-bridge/templates/deployment.yaml b/charts/paperlessngx-ftp-bridge/templates/deployment.yaml index 077707e..b141aa5 100644 --- a/charts/paperlessngx-ftp-bridge/templates/deployment.yaml +++ b/charts/paperlessngx-ftp-bridge/templates/deployment.yaml @@ -26,7 +26,7 @@ spec: env: - name: LOG_LEVEL value: "{{ .Values.logLevel }}" - - name: INTERVAL_SECONDS + - name: CRON_SCHEDULE value: "{{ .Values.interval }}" - name: FTP_HOST value: "{{ .Values.ftp.host }}" @@ -53,5 +53,5 @@ spec: path: /healthz port: 8080 initialDelaySeconds: 30 - periodSeconds: {{ .Values.interval }} + periodSeconds: 30 restartPolicy: Always diff --git a/charts/paperlessngx-ftp-bridge/values.yaml b/charts/paperlessngx-ftp-bridge/values.yaml index fe33d19..80ae924 100644 --- a/charts/paperlessngx-ftp-bridge/values.yaml +++ b/charts/paperlessngx-ftp-bridge/values.yaml @@ -2,7 +2,7 @@ logLevel: INFO # schedule to check for new documents every 5 minutes -interval: 300 +interval: "*/5 * * * *" # ftp configuration where to fetch the documents ftp: diff --git a/ftp-paperless-bridge.go b/ftp-paperless-bridge.go index cfc7e91..cf7e2bf 100644 --- a/ftp-paperless-bridge.go +++ b/ftp-paperless-bridge.go @@ -6,12 +6,12 @@ import ( log "log/slog" "os" "path/filepath" - "strconv" "strings" "time" "github.com/go-resty/resty/v2" "github.com/jlaffaye/ftp" + "github.com/robfig/cron/v3" ) type Config struct { 
@@ -23,7 +23,7 @@ type Config struct { paperlessUser string paperlessPassword string paperlessApiURL string - interval time.Duration + interval string } func main() { @@ -41,13 +41,25 @@ func main() { os.Exit(1) } - ticker := time.NewTicker(config.interval) - defer ticker.Stop() + c := cron.New() - for ; true; <-ticker.C { + _, err := c.AddFunc(config.interval, func() { success := handle(config) updateLastResults(success) + }) + if err != nil { + log.Error("Failed to schedule job", "error", err) + os.Exit(1) } + + c.Start() + + // Run the first job immediately + success := handle(config) + updateLastResults(success) + + // Wait forever + select {} } func handle(config Config) bool { @@ -143,16 +155,9 @@ func processFile(conn *ftp.ServerConn, entry *ftp.Entry, config Config) { } func loadConfig() Config { - intervalStr := os.Getenv("INTERVAL_SECONDS") - interval := 5 * time.Minute - if intervalStr != "" { - var err error - intervalInt, err := strconv.Atoi(intervalStr) - if err != nil { - log.Error("Invalid INTERVAL_SECONDS value", "error", err) - os.Exit(1) - } - interval = time.Duration(intervalInt) * time.Second + interval := os.Getenv("CRON_SCHEDULE") + if interval == "" { + interval = "*/5 7-20 * * *" // Default to every 5 minutes from 7 AM to 8 PM } config := Config{ diff --git a/go.mod b/go.mod index 7668cfb..7b7da2a 100644 --- a/go.mod +++ b/go.mod @@ -5,6 +5,7 @@ go 1.23.1 require ( github.com/go-resty/resty/v2 v2.15.3 github.com/jlaffaye/ftp v0.2.0 + github.com/robfig/cron/v3 v3.0.1 ) require ( diff --git a/go.sum b/go.sum index 075989d..8e22cf3 100644 --- a/go.sum +++ b/go.sum 
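Review bot: In the `@@ -41,13 +41,25 @@` hunk the first `handle(config)` runs on the main goroutine after `c.Start()`, and robfig/cron launches each firing in its own goroutine, so two runs can overlap when a tick lands during the initial run or when a run outlasts the schedule interval. Overlapping runs would list the same FTP directory at the same time, which may lead to a document being processed twice; the body of `processFile` is outside this hunk, so the exact effect depends on how it removes files. Building the scheduler as `c := cron.New(cron.WithChain(cron.SkipIfStillRunning(cron.DefaultLogger)))` and running the initial job before `c.Start()` avoids both cases. `main` starts outside the hunk.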
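Review bot: In the `@@ -143,16 +155,9 @@` hunk the fallback `"*/5 7-20 * * *"` silently changes behaviour for deployments that leave the variable unset: the removed default polled every five minutes around the clock, the chart default in values.yaml is `"*/5 * * * *"`, and this one skips the night. The comment is also slightly off, because an hour field of `7-20` keeps firing until 20:55; `// Default: every 5 minutes between 07:00 and 20:55` would match the expression. Installs that still set `INTERVAL_SECONDS` get no hint that it is now ignored, so a warning log when that variable is present would ease the migration. `loadConfig` continues outside the hunk.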
@@ -10,6 +10,8 @@ github.com/jlaffaye/ftp v0.2.0 h1:lXNvW7cBu7R/68bknOX3MrRIIqZ61zELs1P2RAiA3lg= github.com/jlaffaye/ftp v0.2.0/go.mod h1:is2Ds5qkhceAPy2xD6RLI6hmp/qysSoymZ+Z2uTnspI= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs= +github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro= github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY= github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= From c1a1018ebe62917b47cba64ba37ce3b2bf6f4278 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Mon, 4 Nov 2024 09:54:40 +0100 Subject: [PATCH 226/291] chore: required chart fields (#18) * chore: require passwords * chore: add quote to passwords * chore: require username and ftp.host --- charts/paperlessngx-ftp-bridge/templates/deployment.yaml | 6 +++--- charts/paperlessngx-ftp-bridge/templates/secrets.yaml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/paperlessngx-ftp-bridge/templates/deployment.yaml b/charts/paperlessngx-ftp-bridge/templates/deployment.yaml index b141aa5..4af624e 100644 --- a/charts/paperlessngx-ftp-bridge/templates/deployment.yaml +++ b/charts/paperlessngx-ftp-bridge/templates/deployment.yaml @@ -29,9 +29,9 @@ spec: - name: CRON_SCHEDULE value: "{{ .Values.interval }}" - name: FTP_HOST - value: "{{ .Values.ftp.host }}" + value: "{{ required "ftp.host is required" .Values.ftp.host }}" - name: FTP_USERNAME - value: "{{ .Values.ftp.user }}" + value: "{{ required "ftp.user is required" .Values.ftp.user }}" - name: FTP_PASSWORD valueFrom: secretKeyRef: 
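Review bot: In the deployment.yaml hunk `@@ -29,9 +29,9 @@` the new `required` calls are still interpolated inside hand-written double quotes, `value: "{{ required "ftp.host is required" .Values.ftp.host }}"`, so a value containing `"` or a backslash renders as invalid or altered YAML. secrets.yaml in this same commit already uses the safer form, and the env entries can follow it: `value: {{ required "ftp.host is required" .Values.ftp.host | quote }}`. The same applies to `FTP_USERNAME` in this hunk and to `PAPERLESS_USER` in the following `@@ -42,7 +42,7 @@` hunk.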
@@ -42,7 +42,7 @@ spec: - name: PAPERLESS_URL value: "{{ .Values.paperless.url }}" - name: PAPERLESS_USER - value: "{{ .Values.paperless.username }}" + value: "{{ required "paperless.username is required" .Values.paperless.username }}" - name: PAPERLESS_PASSWORD valueFrom: secretKeyRef: diff --git a/charts/paperlessngx-ftp-bridge/templates/secrets.yaml b/charts/paperlessngx-ftp-bridge/templates/secrets.yaml index b792c2d..204a835 100644 --- a/charts/paperlessngx-ftp-bridge/templates/secrets.yaml +++ b/charts/paperlessngx-ftp-bridge/templates/secrets.yaml @@ -4,5 +4,5 @@ metadata: name: "{{ include "plngxftpbridge.fullname" . }}" type: Opaque stringData: - ftp-password: {{ .Values.ftp.password }} - paperless-password: {{ .Values.paperless.password }} + ftp-password: {{ required "ftp.password is required" .Values.ftp.password | quote }} + paperless-password: {{ required "paperless.password is required" .Values.paperless.password | quote }} From 4be545a5bf7b431bc7f84cce718ccb0aa47f946c Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Mon, 4 Nov 2024 09:55:34 +0100 Subject: [PATCH 227/291] chore: rename base container (#19) Rename base container to bridge. --- charts/paperlessngx-ftp-bridge/templates/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/paperlessngx-ftp-bridge/templates/deployment.yaml b/charts/paperlessngx-ftp-bridge/templates/deployment.yaml index 4af624e..5b3f6b6 100644 --- a/charts/paperlessngx-ftp-bridge/templates/deployment.yaml +++ b/charts/paperlessngx-ftp-bridge/templates/deployment.yaml @@ -21,7 +21,7 @@ spec: {{- end }} spec: containers: - - name: backup + - name: bridge image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "v%s" .Chart.Version) }}" env: - name: LOG_LEVEL From 59b322930b1cbfdc5b86901080ed114d9fbffaaf Mon Sep 17 00:00:00 2001 
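Review bot: In secrets.yaml both passwords can only be supplied through chart values, which means they sit in plaintext in a values file or `--set` arguments and are stored with the Helm release data. Making them `required` hardens that path but leaves no way to keep the credentials out of Helm entirely. An optional value (for example a hypothetical `existingSecret` name) that skips rendering this Secret and points the deployment's `secretKeyRef` entries at a pre-created one would let users source the passwords from a sealed secret or an external secret store. If that is out of scope, a comment in values.yaml stating that the passwords end up in release metadata would at least make the trade-off visible.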
From: Marco Lecheler Date: Mon, 4 Nov 2024 10:03:03 +0100 Subject: [PATCH 228/291] chore: allow to specify imagePullPolicy (#20) --- charts/paperlessngx-ftp-bridge/templates/deployment.yaml | 1 + charts/paperlessngx-ftp-bridge/values.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/charts/paperlessngx-ftp-bridge/templates/deployment.yaml b/charts/paperlessngx-ftp-bridge/templates/deployment.yaml index 5b3f6b6..6887838 100644 --- a/charts/paperlessngx-ftp-bridge/templates/deployment.yaml +++ b/charts/paperlessngx-ftp-bridge/templates/deployment.yaml @@ -23,6 +23,7 @@ spec: containers: - name: bridge image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "v%s" .Chart.Version) }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} env: - name: LOG_LEVEL value: "{{ .Values.logLevel }}" diff --git a/charts/paperlessngx-ftp-bridge/values.yaml b/charts/paperlessngx-ftp-bridge/values.yaml index 80ae924..082f430 100644 --- a/charts/paperlessngx-ftp-bridge/values.yaml +++ b/charts/paperlessngx-ftp-bridge/values.yaml @@ -23,6 +23,7 @@ paperless: image: repository: ghcr.io/taskmedia/paperlessngx-ftp-bridge-image tag: "" + pullPolicy: Always # This is for setting Kubernetes Annotations to a Pod. # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ From 242e2ceed78ea6f88ee04b6049601e1d60f5d016 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Mon, 4 Nov 2024 10:06:42 +0100 Subject: [PATCH 229/291] fix: ensure pods are restarted on password update (#21) --- charts/paperlessngx-ftp-bridge/templates/deployment.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/paperlessngx-ftp-bridge/templates/deployment.yaml b/charts/paperlessngx-ftp-bridge/templates/deployment.yaml index 6887838..606a907 100644 --- a/charts/paperlessngx-ftp-bridge/templates/deployment.yaml +++ b/charts/paperlessngx-ftp-bridge/templates/deployment.yaml 
@@ -10,8 +10,9 @@ spec: {{- include "plngxftpbridge.selectorLabels" . | nindent 6 }} template: metadata: - {{- with .Values.podAnnotations }} annotations: + secrets-hash: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} labels: From 875dff501f8edabebd442dd73b9b5668d6dbfbb0 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Mon, 4 Nov 2024 10:23:42 +0100 Subject: [PATCH 230/291] chore: upload binaries on release (#22) --- .github/workflows/release.yaml | 42 ++++++++++++++++++++++++++++++++++ .gitignore | 1 + 2 files changed, 43 insertions(+) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 2b3c618..5b2cbe5 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
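Review bot: `secrets-hash` publishes an unsalted SHA-256 of the rendered secrets.yaml, passwords included, as a pod annotation, and pod metadata is typically readable by more principals than the Secret itself. With a short or guessable password the digest can be compared offline against candidates, so this rollout trigger assumes high-entropy passwords. A template comment such as `# digest of the rendered Secret; forces a rollout when a password changes (derived from the passwords, keep them long and random)` would document that assumption. Using the conventional key `checksum/secrets` would also make the annotation's purpose recognisable to other chart maintainers.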
@@ -189,3 +189,45 @@ jobs: ssh-key: ${{ secrets.DEPLOY_KEY_BLOG }} folder: repo clean: false + + build-binaries: + name: Build binaries for release + needs: version-bump + runs-on: ubuntu-latest + if: github.repository == 'taskmedia/paperlessngx-ftp-bridge' + permissions: + contents: write + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + ref: ${{ github.event.release.tag_name }} + + - name: Build binaries + run: | + GOOS=linux GOARCH=amd64 go build -o ./bin/paperlessngx-ftp-bridge-linux-amd64 + GOOS=linux GOARCH=arm64 go build -o ./bin/paperlessngx-ftp-bridge-linux-arm64 + GOOS=linux GOARCH=arm go build -o ./bin/paperlessngx-ftp-bridge-linux-arm + GOOS=linux GOARCH=386 go build -o ./bin/paperlessngx-ftp-bridge-linux-386 + + # macOS with Intel CPU + GOOS=darwin GOARCH=amd64 go build -o ./bin/paperlessngx-ftp-bridge-darwin-amd64 + # macOS with Apple Silicon CPU + GOOS=darwin GOARCH=arm64 go build -o ./bin/paperlessngx-ftp-bridge-darwin-arm64 + + GOOS=windows GOARCH=amd64 go build -o ./bin/paperlessngx-ftp-bridge-windows-amd64.exe + GOOS=windows GOARCH=386 go build -o ./bin/paperlessngx-ftp-bridge-windows-386.exe + + - name: Upload artifacts to existing release + uses: softprops/action-gh-release@v1 + with: + tag_name: ${{ github.event.release.tag_name }} + files: | + ./bin/paperlessngx-ftp-bridge-linux-amd64 + ./bin/paperlessngx-ftp-bridge-linux-arm64 + ./bin/paperlessngx-ftp-bridge-linux-arm + ./bin/paperlessngx-ftp-bridge-linux-386 + ./bin/paperlessngx-ftp-bridge-darwin-amd64 + ./bin/paperlessngx-ftp-bridge-darwin-arm64 + ./bin/paperlessngx-ftp-bridge-windows-amd64.exe + ./bin/paperlessngx-ftp-bridge-windows-386.exe diff --git a/.gitignore b/.gitignore index 4c49bd7..51a41ee 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ .env +bin/ From e202d37b99b29bf77a5852e06e393a86547339dc Mon Sep 17 00:00:00 2001 
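Review bot: The new `build-binaries` job holds `contents: write` yet references `actions/checkout@v4` and `softprops/action-gh-release@v1` by mutable tag, so a moved tag would run unreviewed code with permission to alter release assets. The Docker steps in this same workflow are pinned by commit, and these can follow that pattern: `uses: softprops/action-gh-release@<full-commit-sha> # v1`. The build also relies on whatever Go toolchain the runner image ships, since there is no `actions/setup-go` step; adding one with `go-version-file: go.mod` keeps the binaries on the version the module declares. Uploading a checksum file generated with `sha256sum` next to the binaries would let users verify what they download.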
From: fty4 Date: Mon, 4 Nov 2024 09:24:56 +0000 Subject: [PATCH 231/291] chore(release): update version to v1.1.0 --- charts/paperlessngx-ftp-bridge/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/paperlessngx-ftp-bridge/Chart.yaml b/charts/paperlessngx-ftp-bridge/Chart.yaml index d2d0aa3..a6c1ca7 100644 --- a/charts/paperlessngx-ftp-bridge/Chart.yaml +++ b/charts/paperlessngx-ftp-bridge/Chart.yaml @@ -15,4 +15,4 @@ sources: - https://github.com/taskmedia/helm icon: https://media.task.media/images/logo.png type: application -version: 1.0.0 +version: 1.1.0 From ce94ff86fd1ac6084335faef76a4ed58db2a534d Mon Sep 17 00:00:00 2001 From: prewriter Date: Fri, 20 Dec 2024 17:36:19 +0100 Subject: [PATCH 232/291] chore(doc): Fix links to values.yaml (#33) --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index f5707e0..458a3bf 100644 --- a/README.md +++ b/README.md @@ -6,11 +6,11 @@ Kubernetes [Helm](https://helm.sh) chart to run an IPsec VPN server, with IPsec/ This is based on the docker image [hwdsl2/docker-ipsec-vpn-server](https://github.com/hwdsl2/docker-ipsec-vpn-server). The main goal is to simplify the deployment of a VPN server for k8s. -You will be able to configure VPN users directly as list in the [`values.yaml`](./values.yaml). +You will be able to configure VPN users directly as list in the [`values.yaml`](./charts/ipsec-vpn-server/values.yaml). ## Configuration -The configuration of the VPN server will be set in the [`values.yaml`](./values.yaml)-file. +The configuration of the VPN server will be set in the [`values.yaml`](./charts/ipsec-vpn-server/values.yaml)-file. Please ensure to overwrite the configuration especially for `vpn.psk`, `vpn.dns_name` and `users[*].password`. It is possible to commit the password to your git repository if you have a separate sealed-secret instance. 
@@ -18,7 +18,7 @@ You find detailed documentation in the section [Using sealed-secrets](#Using-sea ## Installation -To deploy the Helm chart first copy the [`values.yaml`](./values.yaml)-file and customize your deployment. +To deploy the Helm chart first copy the [`values.yaml`](./charts/ipsec-vpn-server/values.yaml)-file and customize your deployment. After it was modified you can deploy the chart with the following command. ```bash From e22c95cf3ddf5f5377a4e16ee4e1bfa4f619dab9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 7 Jan 2025 17:57:04 +0100 Subject: [PATCH 233/291] chore(deps): bump helm/kind-action from 1.10.0 to 1.12.0 (#13) Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.10.0 to 1.12.0. - [Release notes](https://github.com/helm/kind-action/releases) - [Commits](https://github.com/helm/kind-action/compare/v1.10.0...v1.12.0) --- updated-dependencies: - dependency-name: helm/kind-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index ff1eb1c..c22732f 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -43,7 +43,7 @@ jobs: --target-branch ${{ github.event.repository.default_branch }} - name: Create kind cluster - uses: helm/kind-action@v1.10.0 + uses: helm/kind-action@v1.12.0 if: steps.list-changed.outputs.changed == 'true' - name: Run chart-testing (install) From 901857323fb5c8bdc782ccb26f18e2b2bed23882 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 7 Jan 2025 17:57:36 +0100 Subject: [PATCH 234/291] chore(deps): bump JamesIves/github-pages-deploy-action (#35) Bumps [JamesIves/github-pages-deploy-action](https://github.com/jamesives/github-pages-deploy-action) from 4.6.8 to 4.7.2. - [Release notes](https://github.com/jamesives/github-pages-deploy-action/releases) - [Commits](https://github.com/jamesives/github-pages-deploy-action/compare/v4.6.8...v4.7.2) --- updated-dependencies: - dependency-name: JamesIves/github-pages-deploy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 6932694..0262e97 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -69,7 +69,7 @@ jobs: helm repo index --merge ./repo/index.yaml --url ${HELM_URL} ./repo - name: Deploy - uses: JamesIves/github-pages-deploy-action@v4.6.8 + uses: JamesIves/github-pages-deploy-action@v4.7.2 with: repository-name: taskmedia/helm branch: gh-pages From df02115e0858c25d4ba4d8caff84e08b6a6f857c Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 7 Jan 2025 17:58:55 +0100 Subject: [PATCH 235/291] chore(deps): bump JamesIves/github-pages-deploy-action (#14) Bumps [JamesIves/github-pages-deploy-action](https://github.com/jamesives/github-pages-deploy-action) from 4.6.8 to 4.7.2. - [Release notes](https://github.com/jamesives/github-pages-deploy-action/releases) - [Commits](https://github.com/jamesives/github-pages-deploy-action/compare/v4.6.8...v4.7.2) --- updated-dependencies: - dependency-name: JamesIves/github-pages-deploy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 2159f35..2172870 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -69,7 +69,7 @@ jobs: helm repo index --merge ./repo/index.yaml --url ${HELM_URL} ./repo - name: Deploy - uses: JamesIves/github-pages-deploy-action@v4.6.8 + uses: JamesIves/github-pages-deploy-action@v4.7.2 with: repository-name: taskmedia/helm branch: gh-pages From ded6b1716aa4d3ece52cf3de217c5baea51d0efb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 7 Jan 2025 17:59:16 +0100 Subject: [PATCH 236/291] chore(deps): bump helm/kind-action from 1.10.0 to 1.12.0 (#34) Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.10.0 to 1.12.0. - [Release notes](https://github.com/helm/kind-action/releases) - [Commits](https://github.com/helm/kind-action/compare/v1.10.0...v1.12.0) --- updated-dependencies: - dependency-name: helm/kind-action dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 9834185..4374003 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -40,7 +40,7 @@ jobs: --target-branch ${{ github.event.repository.default_branch }} - name: Create kind cluster - uses: helm/kind-action@v1.10.0 + uses: helm/kind-action@v1.12.0 if: steps.list-changed.outputs.changed == 'true' - name: Run chart-testing (install) From 1eae0a123ddd140a35c92a87ec74b9d77c548413 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 7 Jan 2025 18:02:21 +0100 Subject: [PATCH 237/291] chore(deps): bump codecov/codecov-action from 4 to 5 (#28) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4 to 5. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v4...v5) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/test-go.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-go.yaml b/.github/workflows/test-go.yaml index 01092a9..612e3bb 100644 --- a/.github/workflows/test-go.yaml +++ b/.github/workflows/test-go.yaml @@ -84,7 +84,7 @@ jobs: run: go test -coverprofile=coverage.txt - name: Upload results to Codecov - uses: codecov/codecov-action@v4 + uses: codecov/codecov-action@v5 with: token: ${{ secrets.CODECOV_TOKEN }} 
From 8ee221cc843cdada151af88e321f426dca3b83f8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 7 Jan 2025 18:02:46 +0100 Subject: [PATCH 238/291] chore(deps): bump docker/build-push-action from 6.9.0 to 6.10.0 (#27) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.9.0 to 6.10.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/4f58ea79222b3b9dc2c8bbdd6debcef730109a75...48aba3b46d1b1fec4febb7c5d0c644b249a11355) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 5b2cbe5..a6f8554 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -95,7 +95,7 @@ jobs: # https://github.com/docker/build-push-action - name: Build and push Docker image id: build-and-push - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 with: context: . platforms: | From cbbf9adba044dd1ba948d3aac857bbb07f606005 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 7 Jan 2025 18:03:23 +0100 Subject: [PATCH 239/291] chore(deps): bump docker/metadata-action from 5.5.1 to 5.6.1 (#26) Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.5.1 to 5.6.1. - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/8e5442c4ef9f78752691e2d8f8d19755c6f78e81...369eb591f429131d6889c46b94e711f089e6ca96) --- updated-dependencies: - dependency-name: docker/metadata-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index a6f8554..e8ad5de 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -87,7 +87,7 @@ jobs: # https://github.com/docker/metadata-action - name: Extract Docker metadata id: meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} From 8b9b4ae4215db4989025d7ce37fe8d410ac9407e Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 7 Jan 2025 18:04:43 +0100 Subject: [PATCH 240/291] chore(deps): bump softprops/action-gh-release from 1 to 2 (#24) Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 1 to 2. - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/v1...v2) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index e8ad5de..23876a4 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -219,7 +219,7 @@ jobs: GOOS=windows GOARCH=386 go build -o ./bin/paperlessngx-ftp-bridge-windows-386.exe - name: Upload artifacts to existing release - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@v2 with: tag_name: ${{ github.event.release.tag_name }} files: | From 706c5d7832425566943b9613e780d8975aba7961 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 7 Jan 2025 18:05:05 +0100 Subject: [PATCH 241/291] chore(deps): bump github.com/go-resty/resty/v2 from 2.15.3 to 2.16.2 (#23) Bumps [github.com/go-resty/resty/v2](https://github.com/go-resty/resty) from 2.15.3 to 2.16.2. - [Release notes](https://github.com/go-resty/resty/releases) - [Commits](https://github.com/go-resty/resty/compare/v2.15.3...v2.16.2) --- updated-dependencies: - dependency-name: github.com/go-resty/resty/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 7b7da2a..fdd4bdd 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/taskmedia/paperlessngx-ftp-bridge go 1.23.1 require ( - github.com/go-resty/resty/v2 v2.15.3 + github.com/go-resty/resty/v2 v2.16.2 github.com/jlaffaye/ftp v0.2.0 github.com/robfig/cron/v3 v3.0.1 ) diff --git a/go.sum b/go.sum index 8e22cf3..669ae7b 100644 --- a/go.sum +++ b/go.sum 
@@ -1,7 +1,7 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/go-resty/resty/v2 v2.15.3 h1:bqff+hcqAflpiF591hhJzNdkRsFhlB96CYfBwSFvql8= -github.com/go-resty/resty/v2 v2.15.3/go.mod h1:0fHAoK7JoBy/Ch36N8VFeMsK7xQOHhvWaC3iOktwmIU= +github.com/go-resty/resty/v2 v2.16.2 h1:CpRqTjIzq/rweXUt9+GxzzQdlkqMdt8Lm/fuK/CAbAg= +github.com/go-resty/resty/v2 v2.16.2/go.mod h1:0fHAoK7JoBy/Ch36N8VFeMsK7xQOHhvWaC3iOktwmIU= github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= From b5f08375c26ee13025dc8a1bf7e001ae1097da8c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 25 Jan 2025 14:08:21 +0100 Subject: [PATCH 242/291] chore(deps): bump JamesIves/github-pages-deploy-action (#29) Bumps [JamesIves/github-pages-deploy-action](https://github.com/jamesives/github-pages-deploy-action) from 4.6.8 to 4.7.2. - [Release notes](https://github.com/jamesives/github-pages-deploy-action/releases) - [Commits](https://github.com/jamesives/github-pages-deploy-action/compare/v4.6.8...v4.7.2) --- updated-dependencies: - dependency-name: JamesIves/github-pages-deploy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 23876a4..e9b4c0f 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
@@ -182,7 +182,7 @@ jobs: helm repo index --merge ./repo/index.yaml --url ${HELM_URL} ./repo - name: Deploy - uses: JamesIves/github-pages-deploy-action@v4.6.8 + uses: JamesIves/github-pages-deploy-action@v4.7.2 with: repository-name: taskmedia/helm branch: gh-pages From ec4cc564d28e2c0534959466f7c6fb02ec9c2e30 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 25 Jan 2025 14:09:58 +0100 Subject: [PATCH 243/291] chore(deps): bump golang.org/x/net from 0.27.0 to 0.33.0 (#30) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.27.0 to 0.33.0. - [Commits](https://github.com/golang/net/compare/v0.27.0...v0.33.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index fdd4bdd..8c82ac6 100644 --- a/go.mod +++ b/go.mod @@ -11,5 +11,5 @@ require ( require ( github.com/hashicorp/errwrap v1.0.0 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect - golang.org/x/net v0.27.0 // indirect + golang.org/x/net v0.33.0 // indirect ) diff --git a/go.sum b/go.sum index 669ae7b..be8bb27 100644 --- a/go.sum +++ b/go.sum 
@@ -14,8 +14,8 @@ github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs= github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro= github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY= github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= -golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= -golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= +golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= From dbb81e14c97c8cd655d1ef9d27dfb40ada584001 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Feb 2025 11:38:20 +0100 Subject: [PATCH 244/291] chore(deps): bump helm/chart-testing-action from 2.6.1 to 2.7.0 (#15) Bumps [helm/chart-testing-action](https://github.com/helm/chart-testing-action) from 2.6.1 to 2.7.0. - [Release notes](https://github.com/helm/chart-testing-action/releases) - [Commits](https://github.com/helm/chart-testing-action/compare/v2.6.1...v2.7.0) --- updated-dependencies: - dependency-name: helm/chart-testing-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index c22732f..b717d9b 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml 
@@ -25,7 +25,7 @@ jobs: check-latest: true - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.1 + uses: helm/chart-testing-action@v2.7.0 - name: Run chart-testing (list-changed) id: list-changed From 7dea8bcbf3c6158230c93f036a2bae74e90ed90e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Feb 2025 11:38:35 +0100 Subject: [PATCH 245/291] chore(deps): bump helm/chart-testing-action from 2.6.1 to 2.7.0 (#36) Bumps [helm/chart-testing-action](https://github.com/helm/chart-testing-action) from 2.6.1 to 2.7.0. - [Release notes](https://github.com/helm/chart-testing-action/releases) - [Commits](https://github.com/helm/chart-testing-action/compare/v2.6.1...v2.7.0) --- updated-dependencies: - dependency-name: helm/chart-testing-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 4374003..381d0a9 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -22,7 +22,7 @@ jobs: check-latest: true - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.1 + uses: helm/chart-testing-action@v2.7.0 - name: Run chart-testing (list-changed) id: list-changed From 4fd7d6d59f4e62258be492be6ced46dcad060e43 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Feb 2025 11:38:55 +0100 Subject: [PATCH 246/291] chore(deps): bump github.com/go-resty/resty/v2 from 2.16.2 to 2.16.5 (#35) Bumps [github.com/go-resty/resty/v2](https://github.com/go-resty/resty) from 2.16.2 to 2.16.5. - [Release notes](https://github.com/go-resty/resty/releases) - [Commits](https://github.com/go-resty/resty/compare/v2.16.2...v2.16.5) --- updated-dependencies: - dependency-name: github.com/go-resty/resty/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 8c82ac6..743c3ff 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/taskmedia/paperlessngx-ftp-bridge go 1.23.1 require ( - github.com/go-resty/resty/v2 v2.16.2 + github.com/go-resty/resty/v2 v2.16.5 github.com/jlaffaye/ftp v0.2.0 github.com/robfig/cron/v3 v3.0.1 ) diff --git a/go.sum b/go.sum index be8bb27..c0d8f03 100644 --- a/go.sum +++ b/go.sum 
@@ -1,7 +1,7 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/go-resty/resty/v2 v2.16.2 h1:CpRqTjIzq/rweXUt9+GxzzQdlkqMdt8Lm/fuK/CAbAg= -github.com/go-resty/resty/v2 v2.16.2/go.mod h1:0fHAoK7JoBy/Ch36N8VFeMsK7xQOHhvWaC3iOktwmIU= +github.com/go-resty/resty/v2 v2.16.5 h1:hBKqmWrr7uRc3euHVqmh1HTHcKn99Smr7o5spptdhTM= +github.com/go-resty/resty/v2 v2.16.5/go.mod h1:hkJtXbA2iKHzJheXYvQ8snQES5ZLGKMwQ07xAwp/fiA= github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= From 494c67d5f9f42cc5a365ae0d0e65f97994e975f8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Feb 2025 11:39:42 +0100 Subject: [PATCH 247/291] chore(deps): bump docker/build-push-action from 6.10.0 to 6.13.0 (#34) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.10.0 to 6.13.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/48aba3b46d1b1fec4febb7c5d0c644b249a11355...ca877d9245402d1537745e0e356eab47c3520991) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index e9b4c0f..929d43c 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
@@ -95,7 +95,7 @@ jobs: # https://github.com/docker/build-push-action - name: Build and push Docker image id: build-and-push - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 + uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 with: context: . platforms: | From b80285f061f6fe3eb9dfaa9c0bae2d46eef1c5df Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Feb 2025 11:39:59 +0100 Subject: [PATCH 248/291] chore(deps): bump helm/kind-action from 1.10.0 to 1.12.0 (#33) Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.10.0 to 1.12.0. - [Release notes](https://github.com/helm/kind-action/releases) - [Commits](https://github.com/helm/kind-action/compare/v1.10.0...v1.12.0) --- updated-dependencies: - dependency-name: helm/kind-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/test-helm.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-helm.yaml b/.github/workflows/test-helm.yaml index c035d7f..10d642d 100644 --- a/.github/workflows/test-helm.yaml +++ b/.github/workflows/test-helm.yaml @@ -43,7 +43,7 @@ jobs: --target-branch ${{ github.event.repository.default_branch }} - name: Create kind cluster - uses: helm/kind-action@v1.10.0 + uses: helm/kind-action@v1.12.0 if: steps.list-changed.outputs.changed == 'true' # - name: Run chart-testing (install) From 9b6f8e6cb505eb5c09f1a4c5d624c3551cfe3079 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Feb 2025 11:40:25 +0100 Subject: [PATCH 249/291] chore(deps): bump helm/chart-testing-action from 2.6.1 to 2.7.0 (#32) Bumps [helm/chart-testing-action](https://github.com/helm/chart-testing-action) from 2.6.1 to 2.7.0. - [Release notes](https://github.com/helm/chart-testing-action/releases) - [Commits](https://github.com/helm/chart-testing-action/compare/v2.6.1...v2.7.0) --- updated-dependencies: - dependency-name: helm/chart-testing-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/test-helm.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-helm.yaml b/.github/workflows/test-helm.yaml index 10d642d..7e94dd5 100644 --- a/.github/workflows/test-helm.yaml +++ b/.github/workflows/test-helm.yaml @@ -25,7 +25,7 @@ jobs: check-latest: true - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.1 + uses: helm/chart-testing-action@v2.7.0 - name: Run chart-testing (list-changed) id: list-changed From 4f3179e5ca576ebe38c33b6126df12c5d8869a0e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Feb 2025 11:41:01 +0100 Subject: [PATCH 250/291] chore(deps): bump docker/setup-buildx-action from 3.7.1 to 3.8.0 (#31) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.7.1 to 3.8.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/c47758b77c9736f4b2ef4073d4d51994fabfe349...6524bf65af31da8d45b59e8c27de4bd072b392f5) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 929d43c..0bcbd29 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -66,7 +66,7 @@ jobs: # Workaround: https://github.com/docker/build-push-action/issues/461 - name: Setup Docker buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 # Login against a Docker registry except on PR # https://github.com/docker/login-action From 0713aa27e3a25c057b0cc4d7e55c066d0a3f9a88 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Thu, 13 Mar 2025 17:27:05 +0100 Subject: [PATCH 251/291] feat: allow to use existing secret for ftp password (#17) --- charts/paperlessngx-backup/templates/cronjob.yaml | 4 ++-- charts/paperlessngx-backup/templates/secret.yaml | 2 ++ charts/paperlessngx-backup/values.yaml | 5 +++++ 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/charts/paperlessngx-backup/templates/cronjob.yaml b/charts/paperlessngx-backup/templates/cronjob.yaml index 4b923a2..e2bc66e 100644 --- a/charts/paperlessngx-backup/templates/cronjob.yaml +++ b/charts/paperlessngx-backup/templates/cronjob.yaml @@ -33,8 +33,8 @@ spec: - name: FTP_PASSWORD valueFrom: secretKeyRef: - name: {{ include "plngxbackup.fullname" . }} - key: ftp-password + name: {{ default (include "plngxbackup.fullname" .) .Values.ftp.passwordExistingSecret.name }} + key: {{ default "ftp-password" .Values.ftp.passwordExistingSecret.key }} - name: FTP_PATH value: "{{ .Values.ftp.path }}" volumeMounts: diff --git a/charts/paperlessngx-backup/templates/secret.yaml b/charts/paperlessngx-backup/templates/secret.yaml index 699f93d..2a78cc1 100644 
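Review bot: In the `secretKeyRef` for `FTP_PASSWORD`, the new `key:` line honours `ftp.passwordExistingSecret.key` even when `ftp.passwordExistingSecret.name` is empty. A values file that sets only `key` therefore points the CronJob at the chart's own Secret under a key it does not hold (secret.yaml always writes `ftp-password`), and the mistake surfaces as a container start-up error rather than a render failure. Resolve the custom key only when a name is given, e.g. `key: {{ ternary (default "ftp-password" .Values.ftp.passwordExistingSecret.key) "ftp-password" (not (empty .Values.ftp.passwordExistingSecret.name)) | quote }}`, and pipe the `name:` line through `quote` too so a number- or boolean-looking name stays a string. The two `secretKeyRef` hunks in `charts/paperlessngx-ftp-bridge/templates/deployment.yaml` (PATCH 254) follow the same pattern. The container spec continues outside this hunk.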
--- a/charts/paperlessngx-backup/templates/secret.yaml +++ b/charts/paperlessngx-backup/templates/secret.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.ftp.passwordExistingSecret.name }} apiVersion: v1 kind: Secret metadata: @@ -5,3 +6,4 @@ metadata: type: Opaque stringData: ftp-password: "{{ .Values.ftp.password }}" +{{- end }} diff --git a/charts/paperlessngx-backup/values.yaml b/charts/paperlessngx-backup/values.yaml index bd60bf9..742ef98 100644 --- a/charts/paperlessngx-backup/values.yaml +++ b/charts/paperlessngx-backup/values.yaml @@ -18,7 +18,12 @@ encryption: ftp: host: "" user: "" + # set password directly as value password: "" + # set password from existing secret + passwordExistingSecret: + name: "" + key: "" path: "." # image used for backup From 1f3ab1579f3135751ef60c2ba9364470882aecef Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Mar 2025 17:27:57 +0100 Subject: [PATCH 252/291] chore(deps): bump JamesIves/github-pages-deploy-action (#16) Bumps [JamesIves/github-pages-deploy-action](https://github.com/jamesives/github-pages-deploy-action) from 4.7.2 to 4.7.3. - [Release notes](https://github.com/jamesives/github-pages-deploy-action/releases) - [Commits](https://github.com/jamesives/github-pages-deploy-action/compare/v4.7.2...v4.7.3) --- updated-dependencies: - dependency-name: JamesIves/github-pages-deploy-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 2172870..0679cb8 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
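Review bot: The comments added around `passwordExistingSecret` in `values.yaml` do not say which setting wins or what an empty `key` means. Going by the template hunks of this commit, a non-empty `name` suppresses the chart's own Secret, so `ftp.password` is then ignored, and an empty `key` falls back to `ftp-password`. I would spell that out, e.g. `# name of an existing Secret in the release namespace; when set, ftp.password is ignored and no Secret is created` above `name:` and `# key inside that Secret holding the password (default: ftp-password)` above `key:`. The `values.yaml` hunks of `charts/paperlessngx-ftp-bridge` (PATCH 254) leave the same gap for both `ftp` and `paperless`.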
@@ -69,7 +69,7 @@ jobs: helm repo index --merge ./repo/index.yaml --url ${HELM_URL} ./repo - name: Deploy - uses: JamesIves/github-pages-deploy-action@v4.7.2 + uses: JamesIves/github-pages-deploy-action@v4.7.3 with: repository-name: taskmedia/helm branch: gh-pages From 90683ea7057fd90e26c781c87704fecd8a538726 Mon Sep 17 00:00:00 2001 From: fty4 <16336640+fty4@users.noreply.github.com> Date: Thu, 13 Mar 2025 16:29:41 +0000 Subject: [PATCH 253/291] chore(release): update version to v1.1.0 --- charts/paperlessngx-backup/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/paperlessngx-backup/Chart.yaml b/charts/paperlessngx-backup/Chart.yaml index 7a9b48a..d33cc90 100644 --- a/charts/paperlessngx-backup/Chart.yaml +++ b/charts/paperlessngx-backup/Chart.yaml @@ -16,4 +16,4 @@ sources: - https://github.com/taskmedia/helm icon: https://media.task.media/images/logo.png type: application -version: 1.0.0 +version: 1.1.0 From 69e380c69dcb8b09541519875ed19802668eeb1f Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Thu, 13 Mar 2025 20:16:16 +0100 Subject: [PATCH 254/291] feat: allow to use existing secret for ftp / pl password (#42) --- .../paperlessngx-ftp-bridge/templates/deployment.yaml | 8 ++++---- charts/paperlessngx-ftp-bridge/templates/secrets.yaml | 6 ++++++ charts/paperlessngx-ftp-bridge/values.yaml | 10 ++++++++++ 3 files changed, 20 insertions(+), 4 deletions(-) diff --git a/charts/paperlessngx-ftp-bridge/templates/deployment.yaml b/charts/paperlessngx-ftp-bridge/templates/deployment.yaml index 606a907..cc02bcb 100644 --- a/charts/paperlessngx-ftp-bridge/templates/deployment.yaml +++ b/charts/paperlessngx-ftp-bridge/templates/deployment.yaml 
@@ -37,8 +37,8 @@ spec: - name: FTP_PASSWORD valueFrom: secretKeyRef: - name: {{ include "plngxftpbridge.fullname" . }} - key: ftp-password + name: {{ default (include "plngxftpbridge.fullname" .) .Values.ftp.passwordExistingSecret.name }} + key: {{ default "ftp-password" .Values.ftp.passwordExistingSecret.key }} - name: FTP_PATH value: "{{ .Values.ftp.path }}" - name: PAPERLESS_URL @@ -48,8 +48,8 @@ spec: - name: PAPERLESS_PASSWORD valueFrom: secretKeyRef: - name: {{ include "plngxftpbridge.fullname" . }} - key: paperless-password + name: {{ default (include "plngxftpbridge.fullname" .) .Values.paperless.passwordExistingSecret.name }} + key: {{ default "paperless-password" .Values.paperless.passwordExistingSecret.key }} livenessProbe: httpGet: path: /healthz diff --git a/charts/paperlessngx-ftp-bridge/templates/secrets.yaml b/charts/paperlessngx-ftp-bridge/templates/secrets.yaml index 204a835..c82fc8f 100644 --- a/charts/paperlessngx-ftp-bridge/templates/secrets.yaml +++ b/charts/paperlessngx-ftp-bridge/templates/secrets.yaml @@ -1,8 +1,14 @@ +{{- if or .Values.ftp.password .Values.paperless.password }} apiVersion: v1 kind: Secret metadata: name: "{{ include "plngxftpbridge.fullname" . }}" type: Opaque stringData: + {{- if .Values.ftp.password }} ftp-password: {{ required "ftp.password is required" .Values.ftp.password | quote }} + {{- end }} + {{- if .Values.paperless.password }} paperless-password: {{ required "paperless.password is required" .Values.paperless.password | quote }} + {{- end }} +{{- end }} diff --git a/charts/paperlessngx-ftp-bridge/values.yaml b/charts/paperlessngx-ftp-bridge/values.yaml index 082f430..4fe7e57 100644 --- a/charts/paperlessngx-ftp-bridge/values.yaml +++ b/charts/paperlessngx-ftp-bridge/values.yaml 
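Review bot: In `templates/secrets.yaml` both `required` calls are now unreachable, because each sits inside an `if` on the very value it validates. A release that sets neither `ftp.password` nor `ftp.passwordExistingSecret.name` (likewise for `paperless`) now renders cleanly, and the Deployment then references a Secret or key that was never created. Guarding each entry on the existing-secret name instead keeps the render-time check alive and stops an unused inline password from being written to a Secret when an existing one is configured. The outer condition has to change to match, as sketched below.

```yaml
{{- if not (and .Values.ftp.passwordExistingSecret.name .Values.paperless.passwordExistingSecret.name) }}
# … unchanged: apiVersion, kind, metadata, type …
stringData:
  {{- if not .Values.ftp.passwordExistingSecret.name }}
  ftp-password: {{ required "ftp.password or ftp.passwordExistingSecret.name is required" .Values.ftp.password | quote }}
  {{- end }}
  {{- if not .Values.paperless.passwordExistingSecret.name }}
  paperless-password: {{ required "paperless.password or paperless.passwordExistingSecret.name is required" .Values.paperless.password | quote }}
  {{- end }}
{{- end }}
```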
@@ -9,7 +9,12 @@ ftp: # e.g. ftp.example.org:21 host: "" user: "" + # password for ftp connection password: "" + # passwordExistingSecret is used to reference an existing secret in the same namespace + passwordExistingSecret: + name: "" + key: "" path: "." # paperless-ngx configuration to send documents to @@ -17,7 +22,12 @@ paperless: # url with protocol but no API endpoint url: "http://paperless-ngx:8000" username: "" + # password for paperless-ngx password: "" + # passwordExistingSecret is used to reference an existing secret in the same namespace + passwordExistingSecret: + name: "" + key: "" # image used for bridge image: From a13c04f252e852e191b173a0c5f79cf4db56ed07 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Mar 2025 20:16:50 +0100 Subject: [PATCH 255/291] chore(deps): bump docker/build-push-action from 6.13.0 to 6.15.0 (#41) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.13.0 to 6.15.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/ca877d9245402d1537745e0e356eab47c3520991...471d1dc4e07e5cdedd4c2171150001c434f0b7a4) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 0bcbd29..2d937c6 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
@@ -95,7 +95,7 @@ jobs: # https://github.com/docker/build-push-action - name: Build and push Docker image id: build-and-push - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: context: . platforms: | From d22f472cf353bc14efc49378936c2d399f00bdd9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Mar 2025 20:17:05 +0100 Subject: [PATCH 256/291] chore(deps): bump sigstore/cosign-installer from 3.7.0 to 3.8.1 (#40) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.7.0 to 3.8.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da...d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 2d937c6..512fc5d 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -62,7 +62,7 @@ jobs: # Install the cosign tool except on PR # https://github.com/sigstore/cosign-installer - name: Install cosign - uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 + uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1 # Workaround: https://github.com/docker/build-push-action/issues/461 - name: Setup Docker buildx From bf8579954cd6bd413c95ea42e9a846b75b32717d Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Mar 2025 20:17:37 +0100 Subject: [PATCH 257/291] chore(deps): bump docker/setup-buildx-action from 3.8.0 to 3.10.0 (#39) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.8.0 to 3.10.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/6524bf65af31da8d45b59e8c27de4bd072b392f5...b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 512fc5d..7371497 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -66,7 +66,7 @@ jobs: # Workaround: https://github.com/docker/build-push-action/issues/461 - name: Setup Docker buildx - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 # Login against a Docker registry except on PR # https://github.com/docker/login-action From c65d1a7ca8607e629be161b77d6cae392e1f7198 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Mar 2025 20:17:53 +0100 Subject: [PATCH 258/291] chore(deps): bump JamesIves/github-pages-deploy-action (#38) Bumps [JamesIves/github-pages-deploy-action](https://github.com/jamesives/github-pages-deploy-action) from 4.7.2 to 4.7.3. - [Release notes](https://github.com/jamesives/github-pages-deploy-action/releases) - [Commits](https://github.com/jamesives/github-pages-deploy-action/compare/v4.7.2...v4.7.3) --- updated-dependencies: - dependency-name: JamesIves/github-pages-deploy-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 7371497..295e317 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -182,7 +182,7 @@ jobs: helm repo index --merge ./repo/index.yaml --url ${HELM_URL} ./repo - name: Deploy - uses: JamesIves/github-pages-deploy-action@v4.7.2 + uses: JamesIves/github-pages-deploy-action@v4.7.3 with: repository-name: taskmedia/helm branch: gh-pages From 98c94c4e546bba09ca800a46d83069226fc3817b Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Mar 2025 20:18:06 +0100 Subject: [PATCH 259/291] chore(deps): bump docker/metadata-action from 5.6.1 to 5.7.0 (#37) Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/369eb591f429131d6889c46b94e711f089e6ca96...902fa8ec7d6ecbf8d84d538b9b233a880e428804) --- updated-dependencies: - dependency-name: docker/metadata-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 295e317..930589a 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -87,7 +87,7 @@ jobs: # https://github.com/docker/metadata-action - name: Extract Docker metadata id: meta - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} From 3998fd76e1dbd4aba34c817091fbb93fde1f0749 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Mar 2025 20:18:21 +0100 Subject: [PATCH 260/291] chore(deps): bump golang from 1.23-alpine to 1.24-alpine (#36) Bumps golang from 1.23-alpine to 1.24-alpine. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Dockerfile b/Dockerfile index d1801dd..543c3e3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # ghcr.io/taskmedia/paperlessngx-ftp-bridge-image -FROM golang:1.23-alpine AS builder +FROM golang:1.24-alpine AS builder WORKDIR /app COPY go.mod go.sum ./ RUN go mod download From 58b0b6583553cf47487551f602cc1a923b8b87bd Mon Sep 17 00:00:00 2001 From: fty4 <16336640+fty4@users.noreply.github.com> Date: Thu, 13 Mar 2025 19:20:56 +0000 Subject: [PATCH 261/291] chore(release): update version to v1.2.0 --- charts/paperlessngx-ftp-bridge/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/paperlessngx-ftp-bridge/Chart.yaml b/charts/paperlessngx-ftp-bridge/Chart.yaml index a6c1ca7..dde8fca 100644 --- a/charts/paperlessngx-ftp-bridge/Chart.yaml +++ b/charts/paperlessngx-ftp-bridge/Chart.yaml @@ -15,4 +15,4 @@ sources: - https://github.com/taskmedia/helm icon: https://media.task.media/images/logo.png type: application -version: 1.1.0 +version: 1.2.0 From c30dfe36de9006010ff059c0d3ab61a8a2af6e01 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 23 Mar 2025 14:15:18 +0100 Subject: [PATCH 262/291] chore(deps): bump JamesIves/github-pages-deploy-action (#37) Bumps [JamesIves/github-pages-deploy-action](https://github.com/jamesives/github-pages-deploy-action) from 4.7.2 to 4.7.3. - [Release notes](https://github.com/jamesives/github-pages-deploy-action/releases) - [Commits](https://github.com/jamesives/github-pages-deploy-action/compare/v4.7.2...v4.7.3) --- updated-dependencies: - dependency-name: JamesIves/github-pages-deploy-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 0262e97..5585aca 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -69,7 +69,7 @@ jobs: helm repo index --merge ./repo/index.yaml --url ${HELM_URL} ./repo - name: Deploy - uses: JamesIves/github-pages-deploy-action@v4.7.2 + uses: JamesIves/github-pages-deploy-action@v4.7.3 with: repository-name: taskmedia/helm branch: gh-pages From 58179b34567976b58b2de2e0150fb09e97e12caf Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sat, 12 Jul 2025 19:38:01 +0200 Subject: [PATCH 263/291] chore: use traefik.io for ingressrouteudp (#39) --- .../templates/ingress/traefik/ingressrouteudp.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/ipsec-vpn-server/templates/ingress/traefik/ingressrouteudp.yaml b/charts/ipsec-vpn-server/templates/ingress/traefik/ingressrouteudp.yaml index 307801c..6f25985 100644 --- a/charts/ipsec-vpn-server/templates/ingress/traefik/ingressrouteudp.yaml +++ b/charts/ipsec-vpn-server/templates/ingress/traefik/ingressrouteudp.yaml @@ -1,7 +1,7 @@ {{- $fullname_vpn_server := (printf "%s-vpn-server" (include "ipsec-vpn-server.fullname" .)) -}} {{- if .Values.ingress.traefik.enabled }} {{- range .Values.service.ports }} -apiVersion: traefik.containo.us/v1alpha1 +apiVersion: traefik.io/v1alpha1 kind: IngressRouteUDP metadata: name: {{ $fullname_vpn_server }}-{{ .name }} From 496068cc7076e6060c7837c0da735176831f1c6d Mon Sep 17 00:00:00 2001 
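Review bot: The `apiVersion` line of `ingressrouteudp.yaml` is switched unconditionally, so a cluster whose Traefik only serves the `traefik.containo.us/v1alpha1` CRDs can no longer install the chart with `ingress.traefik.enabled` set. As far as I know the `traefik.io` group only exists from Traefik v2.10 on. If older installs still matter, pick the group at render time, e.g. `apiVersion: {{ ternary "traefik.io/v1alpha1" "traefik.containo.us/v1alpha1" (.Capabilities.APIVersions.Has "traefik.io/v1alpha1") }}`; otherwise state the minimum Traefik version in the chart's README or release notes. The `IngressRoute` and `Middleware` templates changed in PATCH 267 make the same hard switch.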
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 12 Jul 2025 19:38:33 +0200 Subject: [PATCH 264/291] chore(deps): bump stefanzweifel/git-auto-commit-action from 5 to 6 (#38) Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) from 5 to 6. - [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases) - [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/stefanzweifel/git-auto-commit-action/compare/v5...v6) --- updated-dependencies: - dependency-name: stefanzweifel/git-auto-commit-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 5585aca..d83f243 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -22,7 +22,7 @@ jobs: run: yq -i ".version = \"$(echo ${TAG_NAME:1})\"" charts/ipsec-vpn-server/Chart.yaml - name: commit version bump - uses: stefanzweifel/git-auto-commit-action@v5 + uses: stefanzweifel/git-auto-commit-action@v6 with: branch: main commit_message: "chore(release): update version to ${{ github.event.release.tag_name }}" From d0f5ed085260e67390ea7a2dd227af82494d7b2c Mon Sep 17 00:00:00 2001 From: fty4 <16336640+fty4@users.noreply.github.com> Date: Sat, 12 Jul 2025 17:49:29 +0000 Subject: [PATCH 265/291] chore(release): update version to v2.2.0 --- charts/ipsec-vpn-server/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/ipsec-vpn-server/Chart.yaml b/charts/ipsec-vpn-server/Chart.yaml index a03646a..6f40f7b 100644 --- a/charts/ipsec-vpn-server/Chart.yaml 
+++ b/charts/ipsec-vpn-server/Chart.yaml @@ -14,7 +14,7 @@ sources: - https://github.com/taskmedia/helm_ipsec-vpn-server - https://github.com/taskmedia/helm type: application -version: 2.1.2 +version: 2.2.0 # hwdsl2/docker-ipsec-vpn-server does not provide versioning # see: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/98 appVersion: "latest" From 15983a91d7994a8e5c94469abc83e0ea886410cb Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sat, 12 Jul 2025 19:56:18 +0200 Subject: [PATCH 266/291] fix: use python 3.8 for test (#26) --- .github/workflows/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 859084f..a1cd818 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -26,7 +26,7 @@ jobs: - name: setup python uses: actions/setup-python@v2 with: - python-version: 3.7 + python-version: 3.8 - name: set up chart-testing uses: helm/chart-testing-action@v2.2.1 From cfeab8cf88a3979904ea00c1e0dfa04c677ea053 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sat, 12 Jul 2025 20:02:56 +0200 Subject: [PATCH 267/291] chore: updating trafik CRD apiVersion (#25) --- templates/web/ingress.yaml | 2 +- templates/web/middleware.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/web/ingress.yaml b/templates/web/ingress.yaml index 49ef6ec..be941bc 100644 --- a/templates/web/ingress.yaml +++ b/templates/web/ingress.yaml @@ -1,5 +1,5 @@ {{- if .Values.web.ingressroute.enabled }} -apiVersion: traefik.containo.us/v1alpha1 +apiVersion: traefik.io/v1alpha1 kind: IngressRoute metadata: name: {{ include "vpn-ios-profile.fullname" . }}-web diff --git a/templates/web/middleware.yaml b/templates/web/middleware.yaml index 9d881b5..e48eb16 100644 --- a/templates/web/middleware.yaml +++ b/templates/web/middleware.yaml 
@@ -1,5 +1,5 @@ {{- if and .Values.web.ingressroute.enabled (and .Values.web.ingressroute.username .Values.web.ingressroute.password) }} -apiVersion: traefik.containo.us/v1alpha1 +apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: {{ include "vpn-ios-profile.fullname" . }}-web-basicauth From 4195286609bde36030b958befe1f7e832c875886 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Sat, 12 Jul 2025 20:04:58 +0200 Subject: [PATCH 268/291] chore: update chart dependency vpnserver to 2.0.0 (#23) * chore: update chart dependency vpnserver to 2.0.0 * chore: use latest version v2.2.0 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index cf5d6bb..713b5b5 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -23,7 +23,7 @@ appVersion: "latest" dependencies: - alias: vpnserver name: ipsec-vpn-server - version: 1.1.4 + version: 2.2.0 repository: "https://helm.task.media/" icon: https://media.task.media/images/logo.png From 06d203d16ac81f0263c0a860df7bb2e4a75bfb6c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 2 Oct 2025 00:02:24 +0200 Subject: [PATCH 269/291] chore(deps): bump actions/setup-python from 5 to 6 (#20) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5 to 6. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index b717d9b..b960ffd 100644 --- a/.github/workflows/test.yaml 
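Review bot: The guard on the first line of templates/web/middleware.yaml (PATCH 267) renders the basic-auth Middleware only when both `username` and `password` are set, while the IngressRoute in templates/web/ingress.yaml is gated on `.Values.web.ingressroute.enabled` alone. Enabling the route without credentials therefore appears to publish the web service with no authentication, which matters if that service serves the generated VPN profile. The rest of both templates is outside the hunks, so this needs confirming against the full files. If unauthenticated exposure is not intended, fail the render instead of silently skipping the middleware: `{{- if and .Values.web.ingressroute.enabled (not (and .Values.web.ingressroute.username .Values.web.ingressroute.password)) }}{{ fail "web.ingressroute.enabled requires username and password" }}{{- end }}`.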
+++ b/.github/workflows/test.yaml @@ -19,7 +19,7 @@ jobs: with: version: v3.10.0 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: python-version: "3.9" check-latest: true From ce782e53089d44172a325445c7f1e1677d8ffa79 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 2 Oct 2025 00:02:40 +0200 Subject: [PATCH 270/291] chore(deps): bump actions/setup-python from 5 to 6 (#41) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5 to 6. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 381d0a9..19de085 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -16,7 +16,7 @@ jobs: with: version: v3.10.0 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: python-version: '3.9' check-latest: true From c2b4f1978cc0b37d61277671e72ddda4cc115ab7 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 3 Oct 2025 09:51:05 +0200 Subject: [PATCH 271/291] chore(deps): bump stefanzweifel/git-auto-commit-action from 5 to 6 (#18) Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) from 5 to 6. - [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases) - [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/stefanzweifel/git-auto-commit-action/compare/v5...v6) --- updated-dependencies: - dependency-name: stefanzweifel/git-auto-commit-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 0679cb8..d526a85 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -22,7 +22,7 @@ jobs: run: yq -i ".version = \"$(echo ${TAG_NAME:1})\"" charts/paperlessngx-backup/Chart.yaml - name: commit version bump - uses: stefanzweifel/git-auto-commit-action@v5 + uses: stefanzweifel/git-auto-commit-action@v6 with: branch: main commit_message: "chore(release): update version to ${{ github.event.release.tag_name }}" From f8b345b035edf4982e76ae36ca148d36e16f4976 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 3 Oct 2025 09:54:05 +0200 Subject: [PATCH 272/291] chore(deps): bump actions/checkout from 4 to 5 (#40) Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yaml | 2 +- .github/workflows/test.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index d83f243..7c761c8 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -8,7 +8,7 @@ jobs: if: github.repository == 'taskmedia/helm_ipsec-vpn-server' steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: fetch-depth: 0 diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 19de085..dba12eb 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -7,7 +7,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: fetch-depth: 0 From a52c5d048e28857dfbc807a8c7357948d38a9dd7 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 3 Oct 2025 09:54:25 +0200 Subject: [PATCH 273/291] chore(deps): bump actions/checkout from 4 to 5 (#19) Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yaml | 2 +- .github/workflows/test.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index d526a85..deb4485 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -8,7 +8,7 @@ jobs: if: github.repository == 'taskmedia/helm_paperlessngx-backup' steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: fetch-depth: 0 diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index b960ffd..dbd7fd9 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: fetch-depth: 0 From 0e02fa7a6089befdaee890c3e57384679e99a9d8 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 Dec 2025 09:26:01 +0100 Subject: [PATCH 274/291] chore(deps): bump JamesIves/github-pages-deploy-action (#25) Bumps [JamesIves/github-pages-deploy-action](https://github.com/jamesives/github-pages-deploy-action) from 4.7.3 to 4.7.4. - [Release notes](https://github.com/jamesives/github-pages-deploy-action/releases) - [Commits](https://github.com/jamesives/github-pages-deploy-action/compare/v4.7.3...v4.7.4) --- updated-dependencies: - dependency-name: JamesIves/github-pages-deploy-action dependency-version: 4.7.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index deb4485..468af50 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -69,7 +69,7 @@ jobs: helm repo index --merge ./repo/index.yaml --url ${HELM_URL} ./repo - name: Deploy - uses: JamesIves/github-pages-deploy-action@v4.7.3 + uses: JamesIves/github-pages-deploy-action@v4.7.4 with: repository-name: taskmedia/helm branch: gh-pages From 5c0f1762eda1997ea397763df14fc4394996daac Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 Dec 2025 09:26:27 +0100 Subject: [PATCH 275/291] chore(deps): bump actions/checkout from 5 to 6 (#22) Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yaml | 2 +- .github/workflows/test.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 468af50..9400e87 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -8,7 +8,7 @@ jobs: if: github.repository == 'taskmedia/helm_paperlessngx-backup' steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: fetch-depth: 0 diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index dbd7fd9..b3fe533 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: fetch-depth: 0 From 3fefee5b9c3998802b32dd0418c68ab7ff5ca7e1 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 Dec 2025 09:26:40 +0100 Subject: [PATCH 276/291] chore(deps): bump helm/kind-action from 1.12.0 to 1.13.0 (#23) Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.12.0 to 1.13.0. - [Release notes](https://github.com/helm/kind-action/releases) - [Commits](https://github.com/helm/kind-action/compare/v1.12.0...v1.13.0) --- updated-dependencies: - dependency-name: helm/kind-action dependency-version: 1.13.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index b3fe533..9dc13bc 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -43,7 +43,7 @@ jobs: --target-branch ${{ github.event.repository.default_branch }} - name: Create kind cluster - uses: helm/kind-action@v1.12.0 + uses: helm/kind-action@v1.13.0 if: steps.list-changed.outputs.changed == 'true' - name: Run chart-testing (install) From 263e2e00a2ff233f3758e45fa3a19599ae60c89c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 Dec 2025 09:26:54 +0100 Subject: [PATCH 277/291] chore(deps): bump helm/chart-testing-action from 2.7.0 to 2.8.0 (#24) Bumps [helm/chart-testing-action](https://github.com/helm/chart-testing-action) from 2.7.0 to 2.8.0. - [Release notes](https://github.com/helm/chart-testing-action/releases) - [Commits](https://github.com/helm/chart-testing-action/compare/v2.7.0...v2.8.0) --- updated-dependencies: - dependency-name: helm/chart-testing-action dependency-version: 2.8.0 dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 9dc13bc..b1c5def 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -25,7 +25,7 @@ jobs: check-latest: true - name: Set up chart-testing - uses: helm/chart-testing-action@v2.7.0 + uses: helm/chart-testing-action@v2.8.0 - name: Run chart-testing (list-changed) id: list-changed From 1b9a182efd17d458f2de12fcdff027a55b28ea91 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 Dec 2025 09:34:00 +0100 Subject: [PATCH 278/291] chore(deps): bump stefanzweifel/git-auto-commit-action from 6 to 7 (#42) Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) from 6 to 7. - [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases) - [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/stefanzweifel/git-auto-commit-action/compare/v6...v7) --- updated-dependencies: - dependency-name: stefanzweifel/git-auto-commit-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 7c761c8..601ce02 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
@@ -22,7 +22,7 @@ jobs: run: yq -i ".version = \"$(echo ${TAG_NAME:1})\"" charts/ipsec-vpn-server/Chart.yaml - name: commit version bump - uses: stefanzweifel/git-auto-commit-action@v6 + uses: stefanzweifel/git-auto-commit-action@v7 with: branch: main commit_message: "chore(release): update version to ${{ github.event.release.tag_name }}" From 4bdd134ea46e82d38057c3c0c40ff088f81c3e05 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 Dec 2025 09:34:14 +0100 Subject: [PATCH 279/291] chore(deps): bump helm/chart-testing-action from 2.7.0 to 2.8.0 (#43) Bumps [helm/chart-testing-action](https://github.com/helm/chart-testing-action) from 2.7.0 to 2.8.0. - [Release notes](https://github.com/helm/chart-testing-action/releases) - [Commits](https://github.com/helm/chart-testing-action/compare/v2.7.0...v2.8.0) --- updated-dependencies: - dependency-name: helm/chart-testing-action dependency-version: 2.8.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index dba12eb..2ffa992 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -22,7 +22,7 @@ jobs: check-latest: true - name: Set up chart-testing - uses: helm/chart-testing-action@v2.7.0 + uses: helm/chart-testing-action@v2.8.0 - name: Run chart-testing (list-changed) id: list-changed From 91516f409725171a6fd03936311597ae2931f0dd Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 Dec 2025 09:34:30 +0100 Subject: [PATCH 280/291] chore(deps): bump JamesIves/github-pages-deploy-action (#44) Bumps [JamesIves/github-pages-deploy-action](https://github.com/jamesives/github-pages-deploy-action) from 4.7.3 to 4.7.4. - [Release notes](https://github.com/jamesives/github-pages-deploy-action/releases) - [Commits](https://github.com/jamesives/github-pages-deploy-action/compare/v4.7.3...v4.7.4) --- updated-dependencies: - dependency-name: JamesIves/github-pages-deploy-action dependency-version: 4.7.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 601ce02..d95864e 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -69,7 +69,7 @@ jobs: helm repo index --merge ./repo/index.yaml --url ${HELM_URL} ./repo - name: Deploy - uses: JamesIves/github-pages-deploy-action@v4.7.3 + uses: JamesIves/github-pages-deploy-action@v4.7.4 with: repository-name: taskmedia/helm branch: gh-pages From 86a71efa55e282d19fa8981c7c010a0ce0c18b29 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 Dec 2025 09:34:49 +0100 Subject: [PATCH 281/291] chore(deps): bump helm/kind-action from 1.12.0 to 1.13.0 (#45) Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.12.0 to 1.13.0. - [Release notes](https://github.com/helm/kind-action/releases) - [Commits](https://github.com/helm/kind-action/compare/v1.12.0...v1.13.0) --- updated-dependencies: - dependency-name: helm/kind-action dependency-version: 1.13.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 2ffa992..dc2f8fe 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -40,7 +40,7 @@ jobs: --target-branch ${{ github.event.repository.default_branch }} - name: Create kind cluster - uses: helm/kind-action@v1.12.0 + uses: helm/kind-action@v1.13.0 if: steps.list-changed.outputs.changed == 'true' - name: Run chart-testing (install) From f12a689bf9b1255f8aa2de4bb1bcd94f700176c8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 Dec 2025 09:35:05 +0100 Subject: [PATCH 282/291] chore(deps): bump actions/checkout from 5 to 6 (#46) Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yaml | 2 +- .github/workflows/test.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index d95864e..9046c97 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -8,7 +8,7 @@ jobs: if: github.repository == 'taskmedia/helm_ipsec-vpn-server' steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: fetch-depth: 0 diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index dc2f8fe..944438a 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -7,7 +7,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: fetch-depth: 0 From 39596a0f19e6d263519678175e9e9448f4acc1ed Mon Sep 17 00:00:00 2001 
From: Marco Lecheler Date: Wed, 31 Dec 2025 12:04:03 +0100 Subject: [PATCH 283/291] chore(merge): separate folder helm_ipsec-vpn-server --- {.github => helm_ipsec-vpn-server/.github}/dependabot.yml | 0 {.github => helm_ipsec-vpn-server/.github}/workflows/release.yaml | 0 {.github => helm_ipsec-vpn-server/.github}/workflows/test.yaml | 0 .gitignore => helm_ipsec-vpn-server/.gitignore | 0 .helmignore => helm_ipsec-vpn-server/.helmignore | 0 README.md => helm_ipsec-vpn-server/README.md | 0 .../charts}/ipsec-vpn-server/Chart.yaml | 0 .../charts}/ipsec-vpn-server/README.md | 0 .../charts}/ipsec-vpn-server/templates/NOTES.txt | 0 .../charts}/ipsec-vpn-server/templates/_helpers.tpl | 0 .../charts}/ipsec-vpn-server/templates/configmap.yaml | 0 .../charts}/ipsec-vpn-server/templates/deployment.yaml | 0 .../templates/ingress/traefik/ingressrouteudp.yaml | 0 .../charts}/ipsec-vpn-server/templates/pvc.yaml | 0 .../charts}/ipsec-vpn-server/templates/secret-sealed.yaml | 0 .../charts}/ipsec-vpn-server/templates/secret.yaml | 0 .../charts}/ipsec-vpn-server/templates/service.yaml | 0 .../charts}/ipsec-vpn-server/values.yaml | 0 {scripts => helm_ipsec-vpn-server/scripts}/.gitignore | 0 {scripts => helm_ipsec-vpn-server/scripts}/fetch-publickey.sh | 0 {scripts => helm_ipsec-vpn-server/scripts}/seal-secret.sh | 0 21 files changed, 0 insertions(+), 0 deletions(-) rename {.github => helm_ipsec-vpn-server/.github}/dependabot.yml (100%) rename {.github => helm_ipsec-vpn-server/.github}/workflows/release.yaml (100%) rename {.github => helm_ipsec-vpn-server/.github}/workflows/test.yaml (100%) rename .gitignore => helm_ipsec-vpn-server/.gitignore (100%) rename .helmignore => helm_ipsec-vpn-server/.helmignore (100%) rename README.md => helm_ipsec-vpn-server/README.md (100%) rename {charts => helm_ipsec-vpn-server/charts}/ipsec-vpn-server/Chart.yaml (100%) rename {charts => helm_ipsec-vpn-server/charts}/ipsec-vpn-server/README.md (100%) rename {charts => 
helm_ipsec-vpn-server/charts}/ipsec-vpn-server/templates/NOTES.txt (100%) rename {charts => helm_ipsec-vpn-server/charts}/ipsec-vpn-server/templates/_helpers.tpl (100%) rename {charts => helm_ipsec-vpn-server/charts}/ipsec-vpn-server/templates/configmap.yaml (100%) rename {charts => helm_ipsec-vpn-server/charts}/ipsec-vpn-server/templates/deployment.yaml (100%) rename {charts => helm_ipsec-vpn-server/charts}/ipsec-vpn-server/templates/ingress/traefik/ingressrouteudp.yaml (100%) rename {charts => helm_ipsec-vpn-server/charts}/ipsec-vpn-server/templates/pvc.yaml (100%) rename {charts => helm_ipsec-vpn-server/charts}/ipsec-vpn-server/templates/secret-sealed.yaml (100%) rename {charts => helm_ipsec-vpn-server/charts}/ipsec-vpn-server/templates/secret.yaml (100%) rename {charts => helm_ipsec-vpn-server/charts}/ipsec-vpn-server/templates/service.yaml (100%) rename {charts => helm_ipsec-vpn-server/charts}/ipsec-vpn-server/values.yaml (100%) rename {scripts => helm_ipsec-vpn-server/scripts}/.gitignore (100%) rename {scripts => helm_ipsec-vpn-server/scripts}/fetch-publickey.sh (100%) rename {scripts => helm_ipsec-vpn-server/scripts}/seal-secret.sh (100%) diff --git a/.github/dependabot.yml b/helm_ipsec-vpn-server/.github/dependabot.yml similarity index 100% rename from .github/dependabot.yml rename to helm_ipsec-vpn-server/.github/dependabot.yml diff --git a/.github/workflows/release.yaml b/helm_ipsec-vpn-server/.github/workflows/release.yaml similarity index 100% rename from .github/workflows/release.yaml rename to helm_ipsec-vpn-server/.github/workflows/release.yaml diff --git a/.github/workflows/test.yaml b/helm_ipsec-vpn-server/.github/workflows/test.yaml similarity index 100% rename from .github/workflows/test.yaml rename to helm_ipsec-vpn-server/.github/workflows/test.yaml diff --git a/.gitignore b/helm_ipsec-vpn-server/.gitignore similarity index 100% rename from .gitignore rename to helm_ipsec-vpn-server/.gitignore 
diff --git a/.helmignore b/helm_ipsec-vpn-server/.helmignore similarity index 100% rename from .helmignore rename to helm_ipsec-vpn-server/.helmignore diff --git a/README.md b/helm_ipsec-vpn-server/README.md similarity index 100% rename from README.md rename to helm_ipsec-vpn-server/README.md diff --git a/charts/ipsec-vpn-server/Chart.yaml b/helm_ipsec-vpn-server/charts/ipsec-vpn-server/Chart.yaml similarity index 100% rename from charts/ipsec-vpn-server/Chart.yaml rename to helm_ipsec-vpn-server/charts/ipsec-vpn-server/Chart.yaml diff --git a/charts/ipsec-vpn-server/README.md b/helm_ipsec-vpn-server/charts/ipsec-vpn-server/README.md similarity index 100% rename from charts/ipsec-vpn-server/README.md rename to helm_ipsec-vpn-server/charts/ipsec-vpn-server/README.md diff --git a/charts/ipsec-vpn-server/templates/NOTES.txt b/helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/NOTES.txt similarity index 100% rename from charts/ipsec-vpn-server/templates/NOTES.txt rename to helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/NOTES.txt diff --git a/charts/ipsec-vpn-server/templates/_helpers.tpl b/helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/_helpers.tpl similarity index 100% rename from charts/ipsec-vpn-server/templates/_helpers.tpl rename to helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/_helpers.tpl diff --git a/charts/ipsec-vpn-server/templates/configmap.yaml b/helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/configmap.yaml similarity index 100% rename from charts/ipsec-vpn-server/templates/configmap.yaml rename to helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/configmap.yaml diff --git a/charts/ipsec-vpn-server/templates/deployment.yaml b/helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/deployment.yaml similarity index 100% rename from charts/ipsec-vpn-server/templates/deployment.yaml rename to helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/deployment.yaml 
diff --git a/charts/ipsec-vpn-server/templates/ingress/traefik/ingressrouteudp.yaml b/helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/ingress/traefik/ingressrouteudp.yaml similarity index 100% rename from charts/ipsec-vpn-server/templates/ingress/traefik/ingressrouteudp.yaml rename to helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/ingress/traefik/ingressrouteudp.yaml diff --git a/charts/ipsec-vpn-server/templates/pvc.yaml b/helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/pvc.yaml similarity index 100% rename from charts/ipsec-vpn-server/templates/pvc.yaml rename to helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/pvc.yaml diff --git a/charts/ipsec-vpn-server/templates/secret-sealed.yaml b/helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/secret-sealed.yaml similarity index 100% rename from charts/ipsec-vpn-server/templates/secret-sealed.yaml rename to helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/secret-sealed.yaml diff --git a/charts/ipsec-vpn-server/templates/secret.yaml b/helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/secret.yaml similarity index 100% rename from charts/ipsec-vpn-server/templates/secret.yaml rename to helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/secret.yaml diff --git a/charts/ipsec-vpn-server/templates/service.yaml b/helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/service.yaml similarity index 100% rename from charts/ipsec-vpn-server/templates/service.yaml rename to helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/service.yaml diff --git a/charts/ipsec-vpn-server/values.yaml b/helm_ipsec-vpn-server/charts/ipsec-vpn-server/values.yaml similarity index 100% rename from charts/ipsec-vpn-server/values.yaml rename to helm_ipsec-vpn-server/charts/ipsec-vpn-server/values.yaml diff --git a/scripts/.gitignore b/helm_ipsec-vpn-server/scripts/.gitignore similarity index 100% rename from scripts/.gitignore rename to helm_ipsec-vpn-server/scripts/.gitignore 
diff --git a/scripts/fetch-publickey.sh b/helm_ipsec-vpn-server/scripts/fetch-publickey.sh similarity index 100% rename from scripts/fetch-publickey.sh rename to helm_ipsec-vpn-server/scripts/fetch-publickey.sh diff --git a/scripts/seal-secret.sh b/helm_ipsec-vpn-server/scripts/seal-secret.sh similarity index 100% rename from scripts/seal-secret.sh rename to helm_ipsec-vpn-server/scripts/seal-secret.sh From 7d66e12d3b41a707dcde8597965bbea2e0eceb1b Mon Sep 17 00:00:00 2001 
From: Marco Lecheler Date: Wed, 31 Dec 2025 12:16:31 +0100 Subject: [PATCH 284/291] chore(merge): move charts to root-charts directory --- .../charts => charts}/ipsec-vpn-server/Chart.yaml | 0 .../charts => charts}/ipsec-vpn-server/README.md | 0 .../charts => charts}/ipsec-vpn-server/templates/NOTES.txt | 0 .../charts => charts}/ipsec-vpn-server/templates/_helpers.tpl | 0 .../charts => charts}/ipsec-vpn-server/templates/configmap.yaml | 0 .../charts => charts}/ipsec-vpn-server/templates/deployment.yaml | 0 .../templates/ingress/traefik/ingressrouteudp.yaml | 0 .../charts => charts}/ipsec-vpn-server/templates/pvc.yaml | 0 .../ipsec-vpn-server/templates/secret-sealed.yaml | 0 .../charts => charts}/ipsec-vpn-server/templates/secret.yaml | 0 .../charts => charts}/ipsec-vpn-server/templates/service.yaml | 0 .../charts => charts}/ipsec-vpn-server/values.yaml | 0 .../charts => charts}/paperlessngx-backup/.helmignore | 0 .../charts => charts}/paperlessngx-backup/Chart.yaml | 0 .../charts => charts}/paperlessngx-backup/README.md | 0 .../charts => charts}/paperlessngx-backup/templates/_helpers.tpl | 0 .../paperlessngx-backup/templates/configmap.yaml | 0 .../charts => charts}/paperlessngx-backup/templates/cronjob.yaml | 0 .../paperlessngx-backup/templates/rbac/role.yaml | 0 .../paperlessngx-backup/templates/rbac/rolebinding.yaml | 0 .../paperlessngx-backup/templates/rbac/serviceaccount.yaml | 0 .../charts => charts}/paperlessngx-backup/templates/secret.yaml | 0 .../charts => charts}/paperlessngx-backup/values.yaml | 0 .../paperlessngx-ftp-bridge}/.helmignore | 0 .../charts => charts}/paperlessngx-ftp-bridge/Chart.yaml | 0 .../charts => charts}/paperlessngx-ftp-bridge/README.md | 0 .../paperlessngx-ftp-bridge/templates/_helpers.tpl | 0 .../paperlessngx-ftp-bridge/templates/deployment.yaml | 0 .../paperlessngx-ftp-bridge/templates/secrets.yaml | 0 .../charts => charts}/paperlessngx-ftp-bridge/values.yaml | 0 {helm_vpn-ios-profile => charts/vpn-ios-profile}/.gitignore | 0 
.../vpn-ios-profile}/.helmignore | 0 {helm_vpn-ios-profile => charts/vpn-ios-profile}/Chart.yaml | 0 {helm_vpn-ios-profile => charts/vpn-ios-profile}/README.md | 0 .../vpn-ios-profile}/templates/NOTES.txt | 0 .../vpn-ios-profile}/templates/_helpers.tpl | 0 .../vpn-ios-profile}/templates/certs.tpl | 0 .../vpn-ios-profile}/templates/secret-ios-profile.yaml | 0 .../vpn-ios-profile}/templates/tests/test-connection.yaml | 0 .../vpn-ios-profile}/templates/vpn.always.tpl | 0 .../vpn-ios-profile}/templates/vpn.manual.tpl | 0 .../vpn-ios-profile}/templates/vpn.tpl | 0 .../vpn-ios-profile}/templates/vpn.wifi.tpl | 0 .../vpn-ios-profile}/templates/web/deployment.yaml | 0 .../vpn-ios-profile}/templates/web/ingress.yaml | 0 .../vpn-ios-profile}/templates/web/middleware.yaml | 0 .../vpn-ios-profile}/templates/web/secret-basicauth.yaml | 0 .../vpn-ios-profile}/templates/web/service.yaml | 0 .../vpn-ios-profile}/templates/wifi.tpl | 0 .../vpn-ios-profile}/test/vpn-vpn.mobileconfig | 0 {helm_vpn-ios-profile => charts/vpn-ios-profile}/values.yaml | 0 51 files changed, 0 insertions(+), 0 deletions(-) rename {helm_ipsec-vpn-server/charts => charts}/ipsec-vpn-server/Chart.yaml (100%) rename {helm_ipsec-vpn-server/charts => charts}/ipsec-vpn-server/README.md (100%) rename {helm_ipsec-vpn-server/charts => charts}/ipsec-vpn-server/templates/NOTES.txt (100%) rename {helm_ipsec-vpn-server/charts => charts}/ipsec-vpn-server/templates/_helpers.tpl (100%) rename {helm_ipsec-vpn-server/charts => charts}/ipsec-vpn-server/templates/configmap.yaml (100%) rename {helm_ipsec-vpn-server/charts => charts}/ipsec-vpn-server/templates/deployment.yaml (100%) rename {helm_ipsec-vpn-server/charts => charts}/ipsec-vpn-server/templates/ingress/traefik/ingressrouteudp.yaml (100%) rename {helm_ipsec-vpn-server/charts => charts}/ipsec-vpn-server/templates/pvc.yaml (100%) rename {helm_ipsec-vpn-server/charts => charts}/ipsec-vpn-server/templates/secret-sealed.yaml (100%) rename {helm_ipsec-vpn-server/charts => 
charts}/ipsec-vpn-server/templates/secret.yaml (100%) rename {helm_ipsec-vpn-server/charts => charts}/ipsec-vpn-server/templates/service.yaml (100%) rename {helm_ipsec-vpn-server/charts => charts}/ipsec-vpn-server/values.yaml (100%) rename {helm_paperlessngx-backup/charts => charts}/paperlessngx-backup/.helmignore (100%) rename {helm_paperlessngx-backup/charts => charts}/paperlessngx-backup/Chart.yaml (100%) rename {helm_paperlessngx-backup/charts => charts}/paperlessngx-backup/README.md (100%) rename {helm_paperlessngx-backup/charts => charts}/paperlessngx-backup/templates/_helpers.tpl (100%) rename {helm_paperlessngx-backup/charts => charts}/paperlessngx-backup/templates/configmap.yaml (100%) rename {helm_paperlessngx-backup/charts => charts}/paperlessngx-backup/templates/cronjob.yaml (100%) rename {helm_paperlessngx-backup/charts => charts}/paperlessngx-backup/templates/rbac/role.yaml (100%) rename {helm_paperlessngx-backup/charts => charts}/paperlessngx-backup/templates/rbac/rolebinding.yaml (100%) rename {helm_paperlessngx-backup/charts => charts}/paperlessngx-backup/templates/rbac/serviceaccount.yaml (100%) rename {helm_paperlessngx-backup/charts => charts}/paperlessngx-backup/templates/secret.yaml (100%) rename {helm_paperlessngx-backup/charts => charts}/paperlessngx-backup/values.yaml (100%) rename {helm_vpn-ios-profile => charts/paperlessngx-ftp-bridge}/.helmignore (100%) rename {paperlessngx-ftp-bridge/charts => charts}/paperlessngx-ftp-bridge/Chart.yaml (100%) rename {paperlessngx-ftp-bridge/charts => charts}/paperlessngx-ftp-bridge/README.md (100%) rename {paperlessngx-ftp-bridge/charts => charts}/paperlessngx-ftp-bridge/templates/_helpers.tpl (100%) rename {paperlessngx-ftp-bridge/charts => charts}/paperlessngx-ftp-bridge/templates/deployment.yaml (100%) rename {paperlessngx-ftp-bridge/charts => charts}/paperlessngx-ftp-bridge/templates/secrets.yaml (100%) rename {paperlessngx-ftp-bridge/charts => charts}/paperlessngx-ftp-bridge/values.yaml (100%) 
rename {helm_vpn-ios-profile => charts/vpn-ios-profile}/.gitignore (100%) rename {paperlessngx-ftp-bridge/charts/paperlessngx-ftp-bridge => charts/vpn-ios-profile}/.helmignore (100%) rename {helm_vpn-ios-profile => charts/vpn-ios-profile}/Chart.yaml (100%) rename {helm_vpn-ios-profile => charts/vpn-ios-profile}/README.md (100%) rename {helm_vpn-ios-profile => charts/vpn-ios-profile}/templates/NOTES.txt (100%) rename {helm_vpn-ios-profile => charts/vpn-ios-profile}/templates/_helpers.tpl (100%) rename {helm_vpn-ios-profile => charts/vpn-ios-profile}/templates/certs.tpl (100%) rename {helm_vpn-ios-profile => charts/vpn-ios-profile}/templates/secret-ios-profile.yaml (100%) rename {helm_vpn-ios-profile => charts/vpn-ios-profile}/templates/tests/test-connection.yaml (100%) rename {helm_vpn-ios-profile => charts/vpn-ios-profile}/templates/vpn.always.tpl (100%) rename {helm_vpn-ios-profile => charts/vpn-ios-profile}/templates/vpn.manual.tpl (100%) rename {helm_vpn-ios-profile => charts/vpn-ios-profile}/templates/vpn.tpl (100%) rename {helm_vpn-ios-profile => charts/vpn-ios-profile}/templates/vpn.wifi.tpl (100%) rename {helm_vpn-ios-profile => charts/vpn-ios-profile}/templates/web/deployment.yaml (100%) rename {helm_vpn-ios-profile => charts/vpn-ios-profile}/templates/web/ingress.yaml (100%) rename {helm_vpn-ios-profile => charts/vpn-ios-profile}/templates/web/middleware.yaml (100%) rename {helm_vpn-ios-profile => charts/vpn-ios-profile}/templates/web/secret-basicauth.yaml (100%) rename {helm_vpn-ios-profile => charts/vpn-ios-profile}/templates/web/service.yaml (100%) rename {helm_vpn-ios-profile => charts/vpn-ios-profile}/templates/wifi.tpl (100%) rename {helm_vpn-ios-profile => charts/vpn-ios-profile}/test/vpn-vpn.mobileconfig (100%) rename {helm_vpn-ios-profile => charts/vpn-ios-profile}/values.yaml (100%) 
diff --git a/helm_ipsec-vpn-server/charts/ipsec-vpn-server/Chart.yaml b/charts/ipsec-vpn-server/Chart.yaml
similarity index 100%
rename from helm_ipsec-vpn-server/charts/ipsec-vpn-server/Chart.yaml
rename to charts/ipsec-vpn-server/Chart.yaml
diff --git a/helm_ipsec-vpn-server/charts/ipsec-vpn-server/README.md b/charts/ipsec-vpn-server/README.md
similarity index 100%
rename from helm_ipsec-vpn-server/charts/ipsec-vpn-server/README.md
rename to charts/ipsec-vpn-server/README.md
diff --git a/helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/NOTES.txt b/charts/ipsec-vpn-server/templates/NOTES.txt
similarity index 100%
rename from helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/NOTES.txt
rename to charts/ipsec-vpn-server/templates/NOTES.txt
diff --git a/helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/_helpers.tpl b/charts/ipsec-vpn-server/templates/_helpers.tpl
similarity index 100%
rename from helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/_helpers.tpl
rename to charts/ipsec-vpn-server/templates/_helpers.tpl
diff --git a/helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/configmap.yaml b/charts/ipsec-vpn-server/templates/configmap.yaml
similarity index 100%
rename from helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/configmap.yaml
rename to charts/ipsec-vpn-server/templates/configmap.yaml
diff --git a/helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/deployment.yaml b/charts/ipsec-vpn-server/templates/deployment.yaml
similarity index 100%
rename from helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/deployment.yaml
rename to charts/ipsec-vpn-server/templates/deployment.yaml
diff --git a/helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/ingress/traefik/ingressrouteudp.yaml b/charts/ipsec-vpn-server/templates/ingress/traefik/ingressrouteudp.yaml
similarity index 100%
rename from helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/ingress/traefik/ingressrouteudp.yaml
rename to charts/ipsec-vpn-server/templates/ingress/traefik/ingressrouteudp.yaml
diff --git a/helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/pvc.yaml b/charts/ipsec-vpn-server/templates/pvc.yaml
similarity index 100%
rename from helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/pvc.yaml
rename to charts/ipsec-vpn-server/templates/pvc.yaml
diff --git a/helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/secret-sealed.yaml b/charts/ipsec-vpn-server/templates/secret-sealed.yaml
similarity index 100%
rename from helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/secret-sealed.yaml
rename to charts/ipsec-vpn-server/templates/secret-sealed.yaml
diff --git a/helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/secret.yaml b/charts/ipsec-vpn-server/templates/secret.yaml
similarity index 100%
rename from helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/secret.yaml
rename to charts/ipsec-vpn-server/templates/secret.yaml
diff --git a/helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/service.yaml b/charts/ipsec-vpn-server/templates/service.yaml
similarity index 100%
rename from helm_ipsec-vpn-server/charts/ipsec-vpn-server/templates/service.yaml
rename to charts/ipsec-vpn-server/templates/service.yaml
diff --git a/helm_ipsec-vpn-server/charts/ipsec-vpn-server/values.yaml b/charts/ipsec-vpn-server/values.yaml
similarity index 100%
rename from helm_ipsec-vpn-server/charts/ipsec-vpn-server/values.yaml
rename to charts/ipsec-vpn-server/values.yaml
diff --git a/helm_paperlessngx-backup/charts/paperlessngx-backup/.helmignore b/charts/paperlessngx-backup/.helmignore
similarity index 100%
rename from helm_paperlessngx-backup/charts/paperlessngx-backup/.helmignore
rename to charts/paperlessngx-backup/.helmignore
diff --git a/helm_paperlessngx-backup/charts/paperlessngx-backup/Chart.yaml b/charts/paperlessngx-backup/Chart.yaml
similarity index 100%
rename from helm_paperlessngx-backup/charts/paperlessngx-backup/Chart.yaml
rename to charts/paperlessngx-backup/Chart.yaml
diff --git a/helm_paperlessngx-backup/charts/paperlessngx-backup/README.md b/charts/paperlessngx-backup/README.md
similarity index 100%
rename from helm_paperlessngx-backup/charts/paperlessngx-backup/README.md
rename to charts/paperlessngx-backup/README.md
diff --git a/helm_paperlessngx-backup/charts/paperlessngx-backup/templates/_helpers.tpl b/charts/paperlessngx-backup/templates/_helpers.tpl
similarity index 100%
rename from helm_paperlessngx-backup/charts/paperlessngx-backup/templates/_helpers.tpl
rename to charts/paperlessngx-backup/templates/_helpers.tpl
diff --git a/helm_paperlessngx-backup/charts/paperlessngx-backup/templates/configmap.yaml b/charts/paperlessngx-backup/templates/configmap.yaml
similarity index 100%
rename from helm_paperlessngx-backup/charts/paperlessngx-backup/templates/configmap.yaml
rename to charts/paperlessngx-backup/templates/configmap.yaml
diff --git a/helm_paperlessngx-backup/charts/paperlessngx-backup/templates/cronjob.yaml b/charts/paperlessngx-backup/templates/cronjob.yaml
similarity index 100%
rename from helm_paperlessngx-backup/charts/paperlessngx-backup/templates/cronjob.yaml
rename to charts/paperlessngx-backup/templates/cronjob.yaml
diff --git a/helm_paperlessngx-backup/charts/paperlessngx-backup/templates/rbac/role.yaml b/charts/paperlessngx-backup/templates/rbac/role.yaml
similarity index 100%
rename from helm_paperlessngx-backup/charts/paperlessngx-backup/templates/rbac/role.yaml
rename to charts/paperlessngx-backup/templates/rbac/role.yaml
diff --git a/helm_paperlessngx-backup/charts/paperlessngx-backup/templates/rbac/rolebinding.yaml b/charts/paperlessngx-backup/templates/rbac/rolebinding.yaml
similarity index 100%
rename from helm_paperlessngx-backup/charts/paperlessngx-backup/templates/rbac/rolebinding.yaml
rename to charts/paperlessngx-backup/templates/rbac/rolebinding.yaml
diff --git a/helm_paperlessngx-backup/charts/paperlessngx-backup/templates/rbac/serviceaccount.yaml b/charts/paperlessngx-backup/templates/rbac/serviceaccount.yaml
similarity index 100%
rename from helm_paperlessngx-backup/charts/paperlessngx-backup/templates/rbac/serviceaccount.yaml
rename to charts/paperlessngx-backup/templates/rbac/serviceaccount.yaml
diff --git a/helm_paperlessngx-backup/charts/paperlessngx-backup/templates/secret.yaml b/charts/paperlessngx-backup/templates/secret.yaml
similarity index 100%
rename from helm_paperlessngx-backup/charts/paperlessngx-backup/templates/secret.yaml
rename to charts/paperlessngx-backup/templates/secret.yaml
diff --git a/helm_paperlessngx-backup/charts/paperlessngx-backup/values.yaml b/charts/paperlessngx-backup/values.yaml
similarity index 100%
rename from helm_paperlessngx-backup/charts/paperlessngx-backup/values.yaml
rename to charts/paperlessngx-backup/values.yaml
diff --git a/helm_vpn-ios-profile/.helmignore b/charts/paperlessngx-ftp-bridge/.helmignore
similarity index 100%
rename from helm_vpn-ios-profile/.helmignore
rename to charts/paperlessngx-ftp-bridge/.helmignore
diff --git a/paperlessngx-ftp-bridge/charts/paperlessngx-ftp-bridge/Chart.yaml b/charts/paperlessngx-ftp-bridge/Chart.yaml
similarity index 100%
rename from paperlessngx-ftp-bridge/charts/paperlessngx-ftp-bridge/Chart.yaml
rename to charts/paperlessngx-ftp-bridge/Chart.yaml
diff --git a/paperlessngx-ftp-bridge/charts/paperlessngx-ftp-bridge/README.md b/charts/paperlessngx-ftp-bridge/README.md
similarity index 100%
rename from paperlessngx-ftp-bridge/charts/paperlessngx-ftp-bridge/README.md
rename to charts/paperlessngx-ftp-bridge/README.md
diff --git a/paperlessngx-ftp-bridge/charts/paperlessngx-ftp-bridge/templates/_helpers.tpl b/charts/paperlessngx-ftp-bridge/templates/_helpers.tpl
similarity index 100%
rename from paperlessngx-ftp-bridge/charts/paperlessngx-ftp-bridge/templates/_helpers.tpl
rename to charts/paperlessngx-ftp-bridge/templates/_helpers.tpl
diff --git a/paperlessngx-ftp-bridge/charts/paperlessngx-ftp-bridge/templates/deployment.yaml b/charts/paperlessngx-ftp-bridge/templates/deployment.yaml
similarity index 100%
rename from paperlessngx-ftp-bridge/charts/paperlessngx-ftp-bridge/templates/deployment.yaml
rename to charts/paperlessngx-ftp-bridge/templates/deployment.yaml
diff --git a/paperlessngx-ftp-bridge/charts/paperlessngx-ftp-bridge/templates/secrets.yaml b/charts/paperlessngx-ftp-bridge/templates/secrets.yaml
similarity index 100%
rename from paperlessngx-ftp-bridge/charts/paperlessngx-ftp-bridge/templates/secrets.yaml
rename to charts/paperlessngx-ftp-bridge/templates/secrets.yaml
diff --git a/paperlessngx-ftp-bridge/charts/paperlessngx-ftp-bridge/values.yaml b/charts/paperlessngx-ftp-bridge/values.yaml
similarity index 100%
rename from paperlessngx-ftp-bridge/charts/paperlessngx-ftp-bridge/values.yaml
rename to charts/paperlessngx-ftp-bridge/values.yaml
diff --git a/helm_vpn-ios-profile/.gitignore b/charts/vpn-ios-profile/.gitignore
similarity index 100%
rename from helm_vpn-ios-profile/.gitignore
rename to charts/vpn-ios-profile/.gitignore
diff --git a/paperlessngx-ftp-bridge/charts/paperlessngx-ftp-bridge/.helmignore b/charts/vpn-ios-profile/.helmignore
similarity index 100%
rename from paperlessngx-ftp-bridge/charts/paperlessngx-ftp-bridge/.helmignore
rename to charts/vpn-ios-profile/.helmignore
diff --git a/helm_vpn-ios-profile/Chart.yaml b/charts/vpn-ios-profile/Chart.yaml
similarity index 100%
rename from helm_vpn-ios-profile/Chart.yaml
rename to charts/vpn-ios-profile/Chart.yaml
diff --git a/helm_vpn-ios-profile/README.md b/charts/vpn-ios-profile/README.md
similarity index 100%
rename from helm_vpn-ios-profile/README.md
rename to charts/vpn-ios-profile/README.md
diff --git a/helm_vpn-ios-profile/templates/NOTES.txt b/charts/vpn-ios-profile/templates/NOTES.txt
similarity index 100%
rename from helm_vpn-ios-profile/templates/NOTES.txt
rename to charts/vpn-ios-profile/templates/NOTES.txt
diff --git a/helm_vpn-ios-profile/templates/_helpers.tpl b/charts/vpn-ios-profile/templates/_helpers.tpl
similarity index 100%
rename from helm_vpn-ios-profile/templates/_helpers.tpl
rename to charts/vpn-ios-profile/templates/_helpers.tpl
diff --git a/helm_vpn-ios-profile/templates/certs.tpl b/charts/vpn-ios-profile/templates/certs.tpl
similarity index 100%
rename from helm_vpn-ios-profile/templates/certs.tpl
rename to charts/vpn-ios-profile/templates/certs.tpl
diff --git a/helm_vpn-ios-profile/templates/secret-ios-profile.yaml b/charts/vpn-ios-profile/templates/secret-ios-profile.yaml
similarity index 100%
rename from helm_vpn-ios-profile/templates/secret-ios-profile.yaml
rename to charts/vpn-ios-profile/templates/secret-ios-profile.yaml
diff --git a/helm_vpn-ios-profile/templates/tests/test-connection.yaml b/charts/vpn-ios-profile/templates/tests/test-connection.yaml
similarity index 100%
rename from helm_vpn-ios-profile/templates/tests/test-connection.yaml
rename to charts/vpn-ios-profile/templates/tests/test-connection.yaml
diff --git a/helm_vpn-ios-profile/templates/vpn.always.tpl b/charts/vpn-ios-profile/templates/vpn.always.tpl
similarity index 100%
rename from helm_vpn-ios-profile/templates/vpn.always.tpl
rename to charts/vpn-ios-profile/templates/vpn.always.tpl
diff --git a/helm_vpn-ios-profile/templates/vpn.manual.tpl b/charts/vpn-ios-profile/templates/vpn.manual.tpl
similarity index 100%
rename from helm_vpn-ios-profile/templates/vpn.manual.tpl
rename to charts/vpn-ios-profile/templates/vpn.manual.tpl
diff --git a/helm_vpn-ios-profile/templates/vpn.tpl b/charts/vpn-ios-profile/templates/vpn.tpl
similarity index 100%
rename from helm_vpn-ios-profile/templates/vpn.tpl
rename to charts/vpn-ios-profile/templates/vpn.tpl
diff --git a/helm_vpn-ios-profile/templates/vpn.wifi.tpl b/charts/vpn-ios-profile/templates/vpn.wifi.tpl
similarity index 100%
rename from helm_vpn-ios-profile/templates/vpn.wifi.tpl
rename to charts/vpn-ios-profile/templates/vpn.wifi.tpl
diff --git a/helm_vpn-ios-profile/templates/web/deployment.yaml b/charts/vpn-ios-profile/templates/web/deployment.yaml
similarity index 100%
rename from helm_vpn-ios-profile/templates/web/deployment.yaml
rename to charts/vpn-ios-profile/templates/web/deployment.yaml
diff --git a/helm_vpn-ios-profile/templates/web/ingress.yaml b/charts/vpn-ios-profile/templates/web/ingress.yaml
similarity index 100%
rename from helm_vpn-ios-profile/templates/web/ingress.yaml
rename to charts/vpn-ios-profile/templates/web/ingress.yaml
diff --git a/helm_vpn-ios-profile/templates/web/middleware.yaml b/charts/vpn-ios-profile/templates/web/middleware.yaml
similarity index 100%
rename from helm_vpn-ios-profile/templates/web/middleware.yaml
rename to charts/vpn-ios-profile/templates/web/middleware.yaml
diff --git a/helm_vpn-ios-profile/templates/web/secret-basicauth.yaml b/charts/vpn-ios-profile/templates/web/secret-basicauth.yaml similarity index 100% rename from helm_vpn-ios-profile/templates/web/secret-basicauth.yaml rename to charts/vpn-ios-profile/templates/web/secret-basicauth.yaml diff --git a/helm_vpn-ios-profile/templates/web/service.yaml b/charts/vpn-ios-profile/templates/web/service.yaml similarity index 100% rename from helm_vpn-ios-profile/templates/web/service.yaml rename to charts/vpn-ios-profile/templates/web/service.yaml diff --git a/helm_vpn-ios-profile/templates/wifi.tpl b/charts/vpn-ios-profile/templates/wifi.tpl similarity index 100% rename from helm_vpn-ios-profile/templates/wifi.tpl rename to charts/vpn-ios-profile/templates/wifi.tpl diff --git a/helm_vpn-ios-profile/test/vpn-vpn.mobileconfig b/charts/vpn-ios-profile/test/vpn-vpn.mobileconfig similarity index 100% rename from helm_vpn-ios-profile/test/vpn-vpn.mobileconfig rename to charts/vpn-ios-profile/test/vpn-vpn.mobileconfig diff --git a/helm_vpn-ios-profile/values.yaml b/charts/vpn-ios-profile/values.yaml similarity index 100% rename from helm_vpn-ios-profile/values.yaml rename to charts/vpn-ios-profile/values.yaml From 9ae6007cb8bf087fb727fca2ef63957e16383883 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Wed, 31 Dec 2025 12:19:01 +0100 Subject: [PATCH 285/291] chore(merge): unify gitignore --- charts/vpn-ios-profile/.gitignore => .gitignore | 5 +++-- helm_ipsec-vpn-server/.gitignore | 2 -- helm_paperlessngx-backup/.gitignore | 2 -- 3 files changed, 3 insertions(+), 6 deletions(-) rename charts/vpn-ios-profile/.gitignore => .gitignore (69%) delete mode 100644 helm_ipsec-vpn-server/.gitignore delete mode 100644 helm_paperlessngx-backup/.gitignore diff --git a/charts/vpn-ios-profile/.gitignore b/.gitignore similarity index 69% rename from charts/vpn-ios-profile/.gitignore rename to .gitignore index 3790e2a..b5f086a 100644 --- a/charts/vpn-ios-profile/.gitignore +++ b/.gitignore 
@@ -6,5 +6,6 @@ Chart.lock values-*.yaml -## Ignore certs directory -certs/* +certs/ +release/ +repo/ diff --git a/helm_ipsec-vpn-server/.gitignore b/helm_ipsec-vpn-server/.gitignore deleted file mode 100644 index c16ef53..0000000 --- a/helm_ipsec-vpn-server/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -release/ -repo/ diff --git a/helm_paperlessngx-backup/.gitignore b/helm_paperlessngx-backup/.gitignore deleted file mode 100644 index c16ef53..0000000 --- a/helm_paperlessngx-backup/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -release/ -repo/ From e7479c373ecf5be2308854a54b6a5685fbcb7ff8 Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Wed, 31 Dec 2025 12:25:22 +0100 Subject: [PATCH 286/291] chore(merge): ensure README are present No symlinks --- charts/ipsec-vpn-server/README.md | 71 +++++++++++++++++++++++- charts/paperlessngx-backup/README.md | 36 +++++++++++- charts/paperlessngx-ftp-bridge/README.md | 39 ++++++++++++- helm_ipsec-vpn-server/README.md | 70 ----------------------- helm_paperlessngx-backup/README.md | 35 ------------ 5 files changed, 143 insertions(+), 108 deletions(-) mode change 120000 => 100644 charts/ipsec-vpn-server/README.md mode change 120000 => 100644 charts/paperlessngx-backup/README.md mode change 120000 => 100644 charts/paperlessngx-ftp-bridge/README.md delete mode 100644 helm_ipsec-vpn-server/README.md delete mode 100644 helm_paperlessngx-backup/README.md diff --git a/charts/ipsec-vpn-server/README.md b/charts/ipsec-vpn-server/README.md deleted file mode 120000 index fe84005..0000000 --- a/charts/ipsec-vpn-server/README.md +++ /dev/null @@ -1 +0,0 @@ -../../README.md \ No newline at end of file diff --git a/charts/ipsec-vpn-server/README.md b/charts/ipsec-vpn-server/README.md new file mode 100644 index 0000000..458a3bf --- /dev/null +++ b/charts/ipsec-vpn-server/README.md 
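Review bot: The unified root `.gitignore` drops the `## Ignore certs directory` comment and adds `release/` and `repo/` with no explanation, although these unanchored patterns now apply to every chart in the repository rather than to `charts/vpn-ios-profile/` alone. I would keep one comment per group, e.g. `# certificate material generated for vpn-ios-profile; keep out of git` above `certs/` and `# local chart packaging output` above `release/` and `repo/` (their purpose is inferred from the names; confirm). Ignore rules do not untrack files that are already committed, so it is worth confirming with `git ls-files` that nothing under a `certs/` directory is tracked after the move.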
@@ -0,0 +1,70 @@ +[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/taskmedia)](https://artifacthub.io/packages/helm/taskmedia/ipsec-vpn-server) + +# Helm chart: IPsec VPN server + +Kubernetes [Helm](https://helm.sh) chart to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2. +This is based on the docker image [hwdsl2/docker-ipsec-vpn-server](https://github.com/hwdsl2/docker-ipsec-vpn-server). + +The main goal is to simplify the deployment of a VPN server for k8s. +You will be able to configure VPN users directly as list in the [`values.yaml`](./charts/ipsec-vpn-server/values.yaml). + +## Configuration + +The configuration of the VPN server will be set in the [`values.yaml`](./charts/ipsec-vpn-server/values.yaml)-file. +Please ensure to overwrite the configuration especially for `vpn.psk`, `vpn.dns_name` and `users[*].password`. + +It is possible to commit the password to your git repository if you have a separate sealed-secret instance. +You find detailed documentation in the section [Using sealed-secrets](#Using-sealed-secrets). + +## Installation + +To deploy the Helm chart first copy the [`values.yaml`](./charts/ipsec-vpn-server/values.yaml)-file and customize your deployment. +After it was modified you can deploy the chart with the following command. + +```bash +$ helm repo add taskmedia https://helm.task.media +$ helm repo update + +$ helm show values taskmedia/ipsec-vpn-server > ./my-values.yaml +$ vi ./my-values.yaml + +$ helm upgrade --install vpn taskmedia/ipsec-vpn-server --values ./my-values.yaml +``` + +You can also use OCI Helm charts from [ghcr.io](https://ghcr.io/): + +```bash +$ helm upgrade --install vpn oci://ghcr.io/taskmedia/ipsec-vpn-server +``` + +## Using sealed-secrets + +To ensure your passwords can be committed to the repository (GitOps) without security issues you can use the integrated [sealed-secrets](https://github.com/bitnami-labs/sealed-secrets) approach. 
+Enable it by setting `sealed_secrets: true`. +The `vpn.psk` and `users[*].password` then have to be entered encrypted. +To encrypt a value you need to use the public key of sealed-secrets. +The best approach is to use the [`kubeseal`](https://github.com/bitnami-labs/sealed-secrets/releases/latest) binary: + +```bash +$ echo -n "${secret}" | \ + kubeseal \ + --raw \ + --from-file=/dev/stdin \ + --controller-name "sealed-secrets" \ + --controller-namespace "sealed-secrets" \ + --name "vpn-vpnconfig" \ + --namespace "vpn" \ +``` + +Ensure to use the correct _name_ and _namespace_ otherwise the [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) will not be created by sealed-secrets. +As _name_ you have to specify the name of the generated secret. +Typically this is your `fullnameOverride` with suffix `-vpnconfig`. +Also specify the _namespace_ where the VPN server will be deployed to. + +**Example** + +```yaml +users: + - username: vpn + password: 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 +``` diff --git a/charts/paperlessngx-backup/README.md b/charts/paperlessngx-backup/README.md deleted file mode 120000 index fe84005..0000000 --- a/charts/paperlessngx-backup/README.md +++ /dev/null @@ -1 +0,0 @@ -../../README.md \ No newline at end of file diff --git a/charts/paperlessngx-backup/README.md b/charts/paperlessngx-backup/README.md new file mode 100644 index 0000000..bb2f52a --- /dev/null +++ b/charts/paperlessngx-backup/README.md 
@@ -0,0 +1,35 @@ +[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/taskmedia)](https://artifacthub.io/packages/helm/taskmedia/paperlessngx-backup) + +# Helm chart: paperless-ngx backup + +Kubernetes [Helm](https://helm.sh) chart to create a cronjob to backup the paperless-ngx instance to a remote FTP server. + +The script will use the [document exporter](https://docs.paperless-ngx.com/administration/#exporter) to create a backup of your paperless-ngx instance. +If you want the backup also can be gpg encrypted prior to upload the zipped backup to the FTP server. + +## Configuration + +The configuration of the backup cronjob will be set in the [`values.yaml`](./values.yaml)-file. +Everything is pretty straight forward and should be self-explanatory. +If you think more information should be provided or need help, feel free to open an issue. + +## Installation + +To deploy the Helm chart first copy the [`values.yaml`](./values.yaml)-file and customize your deployment. +After it was modified you can deploy the chart with the following command. + +```bash +$ helm repo add taskmedia https://helm.task.media +$ helm repo update + +$ helm show values taskmedia/paperlessngx-backup > ./my-values.yaml +$ vi ./my-values.yaml + +$ helm upgrade --install paperlessngx-backup taskmedia/paperlessngx-backup --values ./my-values.yaml +``` + +You can also use OCI Helm charts from [ghcr.io](https://ghcr.io/): + +```bash +$ helm upgrade --install paperlessngx-backup oci://ghcr.io/taskmedia/paperlessngx-backup +``` diff --git a/charts/paperlessngx-ftp-bridge/README.md b/charts/paperlessngx-ftp-bridge/README.md deleted file mode 120000 index fe84005..0000000 --- a/charts/paperlessngx-ftp-bridge/README.md +++ /dev/null @@ -1 +0,0 @@ -../../README.md \ No newline at end of file diff --git a/charts/paperlessngx-ftp-bridge/README.md b/charts/paperlessngx-ftp-bridge/README.md new file mode 100644 index 0000000..b34c6f4 --- /dev/null 
+++ b/charts/paperlessngx-ftp-bridge/README.md @@ -0,0 +1,38 @@ +[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/taskmedia)](https://artifacthub.io/packages/helm/taskmedia/paperlessngx-ftp-bridge) + +# Helm chart: paperless-ngx FTP bridge + +Kubernetes [Helm](https://helm.sh) chart to automatically upload PDF files from a FTP server to paperless-ngx. + +This application will automatically search for PDF files on your FTP server and upload them to the paperless-ngx API. +The application will run as a cronjob and will be executed every 5 minutes (can be changed). + +You can use this application e.g. if your document scanner can only upload files to a FTP server. +With this bridge your scan device will be able to upload the documents directly with the FTP as file storage inbetween. + +## Configuration + +The configuration of the application will be set in the [`values.yaml`](./values.yaml)-file. +Everything is pretty straight forward and should be self-explanatory. +If you think more information should be provided or need help, feel free to open an issue. + +## Installation + +To deploy the Helm chart first copy the [`values.yaml`](./values.yaml)-file and customize your deployment. +After it was modified you can deploy the chart with the following command. + +```bash +$ helm repo add taskmedia https://helm.task.media +$ helm repo update + +$ helm show values taskmedia/paperlessngx-ftp-bridge > ./my-values.yaml +$ vi ./my-values.yaml + +$ helm upgrade --install paperlessngx-ftp-bridge taskmedia/paperlessngx-ftp-bridge --values ./my-values.yaml +``` + +You can also use OCI Helm charts from [ghcr.io](https://ghcr.io/): + +```bash +$ helm upgrade --install paperlessngx-ftp-bridge oci://ghcr.io/taskmedia/paperlessngx-ftp-bridge +``` diff --git a/helm_ipsec-vpn-server/README.md b/helm_ipsec-vpn-server/README.md deleted file mode 100644 index 458a3bf..0000000 --- a/helm_ipsec-vpn-server/README.md +++ /dev/null 
@@ -1,70 +0,0 @@ -[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/taskmedia)](https://artifacthub.io/packages/helm/taskmedia/ipsec-vpn-server) - -# Helm chart: IPsec VPN server - -Kubernetes [Helm](https://helm.sh) chart to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2. -This is based on the docker image [hwdsl2/docker-ipsec-vpn-server](https://github.com/hwdsl2/docker-ipsec-vpn-server). - -The main goal is to simplify the deployment of a VPN server for k8s. -You will be able to configure VPN users directly as list in the [`values.yaml`](./charts/ipsec-vpn-server/values.yaml). - -## Configuration - -The configuration of the VPN server will be set in the [`values.yaml`](./charts/ipsec-vpn-server/values.yaml)-file. -Please ensure to overwrite the configuration especially for `vpn.psk`, `vpn.dns_name` and `users[*].password`. - -It is possible to commit the password to your git repository if you have a separate sealed-secret instance. -You find detailed documentation in the section [Using sealed-secrets](#Using-sealed-secrets). - -## Installation - -To deploy the Helm chart first copy the [`values.yaml`](./charts/ipsec-vpn-server/values.yaml)-file and customize your deployment. -After it was modified you can deploy the chart with the following command. - -```bash -$ helm repo add taskmedia https://helm.task.media -$ helm repo update - -$ helm show values taskmedia/ipsec-vpn-server > ./my-values.yaml -$ vi ./my-values.yaml - -$ helm upgrade --install vpn taskmedia/ipsec-vpn-server --values ./my-values.yaml -``` - -You can also use OCI Helm charts from [ghcr.io](https://ghcr.io/): - -```bash -$ helm upgrade --install vpn oci://ghcr.io/taskmedia/ipsec-vpn-server -``` - -## Using sealed-secrets - -To ensure your passwords can be committed to the repository (GitOps) without security issues you can use the integrated [sealed-secrets](https://github.com/bitnami-labs/sealed-secrets) approach. 
-Enable it by setting `sealed_secrets: true`. -The `vpn.psk` and `users[*].password` then have to be entered encrypted. -To encrypt a value you need to use the public key of sealed-secrets. -The best approach is to use the [`kubeseal`](https://github.com/bitnami-labs/sealed-secrets/releases/latest) binary: - -```bash -$ echo -n "${secret}" | \ - kubeseal \ - --raw \ - --from-file=/dev/stdin \ - --controller-name "sealed-secrets" \ - --controller-namespace "sealed-secrets" \ - --name "vpn-vpnconfig" \ - --namespace "vpn" \ -``` - -Ensure to use the correct _name_ and _namespace_ otherwise the [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) will not be created by sealed-secrets. -As _name_ you have to specify the name of the generated secret. -Typically this is your `fullnameOverride` with suffix `-vpnconfig`. -Also specify the _namespace_ where the VPN server will be deployed to. - -**Example** - -```yaml -users: - - username: vpn - password: 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 -``` diff --git a/helm_paperlessngx-backup/README.md b/helm_paperlessngx-backup/README.md deleted file mode 100644 index bb2f52a..0000000 --- a/helm_paperlessngx-backup/README.md +++ /dev/null 
@@ -1,35 +0,0 @@ -[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/taskmedia)](https://artifacthub.io/packages/helm/taskmedia/paperlessngx-backup) - -# Helm chart: paperless-ngx backup - -Kubernetes [Helm](https://helm.sh) chart to create a cronjob to backup the paperless-ngx instance to a remote FTP server. - -The script will use the [document exporter](https://docs.paperless-ngx.com/administration/#exporter) to create a backup of your paperless-ngx instance. -If you want the backup also can be gpg encrypted prior to upload the zipped backup to the FTP server. - -## Configuration - -The configuration of the backup cronjob will be set in the [`values.yaml`](./values.yaml)-file. -Everything is pretty straight forward and should be self-explanatory. -If you think more information should be provided or need help, feel free to open an issue. - -## Installation - -To deploy the Helm chart first copy the [`values.yaml`](./values.yaml)-file and customize your deployment. -After it was modified you can deploy the chart with the following command. - -```bash -$ helm repo add taskmedia https://helm.task.media -$ helm repo update - -$ helm show values taskmedia/paperlessngx-backup > ./my-values.yaml -$ vi ./my-values.yaml - -$ helm upgrade --install paperlessngx-backup taskmedia/paperlessngx-backup --values ./my-values.yaml -``` - -You can also use OCI Helm charts from [ghcr.io](https://ghcr.io/): - -```bash -$ helm upgrade --install paperlessngx-backup oci://ghcr.io/taskmedia/paperlessngx-backup -``` From 5df38a33703c3604002ecff9d42388a8555474e0 Mon Sep 17 00:00:00 2001 
From: Marco Lecheler
Date: Wed, 31 Dec 2025 12:25:46 +0100
Subject: [PATCH 287/291] chore(merge): move scripts dir to root
---
{helm_ipsec-vpn-server/scripts => scripts}/.gitignore | 0
{helm_ipsec-vpn-server/scripts => scripts}/fetch-publickey.sh | 0
{helm_ipsec-vpn-server/scripts => scripts}/seal-secret.sh | 0
3 files changed, 0 insertions(+), 0 deletions(-)
rename {helm_ipsec-vpn-server/scripts => scripts}/.gitignore (100%)
rename {helm_ipsec-vpn-server/scripts => scripts}/fetch-publickey.sh (100%)
rename {helm_ipsec-vpn-server/scripts => scripts}/seal-secret.sh (100%)
diff --git a/helm_ipsec-vpn-server/scripts/.gitignore b/scripts/.gitignore
similarity index 100%
rename from helm_ipsec-vpn-server/scripts/.gitignore
rename to scripts/.gitignore
diff --git a/helm_ipsec-vpn-server/scripts/fetch-publickey.sh b/scripts/fetch-publickey.sh
similarity index 100%
rename from helm_ipsec-vpn-server/scripts/fetch-publickey.sh
rename to scripts/fetch-publickey.sh
diff --git a/helm_ipsec-vpn-server/scripts/seal-secret.sh b/scripts/seal-secret.sh
similarity index 100%
rename from helm_ipsec-vpn-server/scripts/seal-secret.sh
rename to scripts/seal-secret.sh
From f05310f6b8efa65abb7b5ef5ecf2ee8f20a2857a Mon Sep 17 00:00:00 2001
From: Marco Lecheler
Date: Wed, 31 Dec 2025 12:26:33 +0100
Subject: [PATCH 288/291] chore(merge): move helmignore for ipsec vpn server
---
{helm_ipsec-vpn-server => charts/ipsec-vpn-server}/.helmignore | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename {helm_ipsec-vpn-server => charts/ipsec-vpn-server}/.helmignore (100%)
diff --git a/helm_ipsec-vpn-server/.helmignore b/charts/ipsec-vpn-server/.helmignore
similarity index 100%
rename from helm_ipsec-vpn-server/.helmignore
rename to charts/ipsec-vpn-server/.helmignore
From 413e2a1bee2e93936a74258c1d16b823135bfb19 Mon Sep 17 00:00:00 2001
From: Marco Lecheler
Date: Wed, 31 Dec 2025 12:37:02 +0100
Subject: [PATCH 289/291] chore(merge): unify dependabot
---
.github/dependabot.yml | 6 ++++++
helm_ipsec-vpn-server/.github/dependabot.yml | 6 ------
helm_paperlessngx-backup/.github/dependabot.yml | 6 ------
3 files changed, 6 insertions(+), 12 deletions(-)
create mode 100644 .github/dependabot.yml
delete mode 100644 helm_ipsec-vpn-server/.github/dependabot.yml
delete mode 100644 helm_paperlessngx-backup/.github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..8ac6b8c
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,6 @@
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "monthly"
diff --git a/helm_ipsec-vpn-server/.github/dependabot.yml b/helm_ipsec-vpn-server/.github/dependabot.yml
deleted file mode 100644
index 41ea2a6..0000000
--- a/helm_ipsec-vpn-server/.github/dependabot.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-version: 2
-updates:
-- package-ecosystem: "github-actions"
- directory: "/"
- schedule:
- interval: "monthly"
diff --git a/helm_paperlessngx-backup/.github/dependabot.yml b/helm_paperlessngx-backup/.github/dependabot.yml
deleted file mode 100644
index 41ea2a6..0000000
--- a/helm_paperlessngx-backup/.github/dependabot.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-version: 2
-updates:
-- package-ecosystem: "github-actions"
- directory: "/"
- schedule:
- interval: "monthly"
From a3009e0eff8b0437c2463551e8825d18129aaa87 Mon Sep 17 00:00:00 2001
From: Marco Lecheler
Date: Wed, 31 Dec 2025 12:37:20 +0100
Subject: [PATCH 290/291] chore: add helm ecosystem to dependabot
---
.github/dependabot.yml | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 8ac6b8c..ab6f356 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -4,3 +4,8 @@ updates: directory: "/" schedule: interval: "monthly" + + - package-ecosystem: "helm" + directory: "charts/" + schedule: + interval: "monthly" From 6abc3fcf529ade1603acd842268c555f5c4b66de Mon Sep 17 00:00:00 2001 From: Marco Lecheler Date: Wed, 31 Dec 2025 12:52:35 +0100 Subject: [PATCH 291/291] chore(merge): unify test workflow delete release wf Release workflows can not longer be used - need new implementation. --- .../.github => .github}/workflows/test.yaml | 0 .../.github/workflows/release.yaml | 78 ------------------- .../.github/workflows/test.yaml | 48 ------------ .../.github/workflows/release.yaml | 78 ------------------- .../.github/release-drafter.yml | 39 ---------- .../.github/workflows/release-drafter.yaml | 15 ---- .../.github/workflows/release.yaml | 56 ------------- .../.github/workflows/test.yaml | 49 ------------ 8 files changed, 363 deletions(-) rename {helm_paperlessngx-backup/.github => .github}/workflows/test.yaml (100%) delete mode 100644 helm_ipsec-vpn-server/.github/workflows/release.yaml delete mode 100644 helm_ipsec-vpn-server/.github/workflows/test.yaml delete mode 100644 helm_paperlessngx-backup/.github/workflows/release.yaml delete mode 100644 helm_vpn-ios-profile/.github/release-drafter.yml delete mode 100644 helm_vpn-ios-profile/.github/workflows/release-drafter.yaml delete mode 100644 helm_vpn-ios-profile/.github/workflows/release.yaml delete mode 100644 helm_vpn-ios-profile/.github/workflows/test.yaml diff --git a/helm_paperlessngx-backup/.github/workflows/test.yaml b/.github/workflows/test.yaml similarity index 100% rename from helm_paperlessngx-backup/.github/workflows/test.yaml rename to .github/workflows/test.yaml diff --git a/helm_ipsec-vpn-server/.github/workflows/release.yaml b/helm_ipsec-vpn-server/.github/workflows/release.yaml deleted file mode 100644 index 9046c97..0000000 --- a/helm_ipsec-vpn-server/.github/workflows/release.yaml +++ /dev/null 
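Review bot: The new `helm` entry sets `directory: "charts/"`, but the charts in this series sit one level below that folder (`charts/ipsec-vpn-server/`, per the `.helmignore` move in PATCH 288), so there is probably no `Chart.yaml` directly in `charts/`. As far as I know Dependabot reads manifests only from the configured directory and does not descend into subdirectories, which would leave the charts without update PRs while the config reads as if they were covered. Consider `directories: ["/charts/*"]` in place of the `directory` line, or one `updates` entry per chart. The path is also written without the leading `/` that the `github-actions` entry uses; a root-anchored form would keep the file consistent.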
@@ -1,78 +0,0 @@ -name: Release -on: - release: - types: [published] -jobs: - build-and-deploy: - runs-on: ubuntu-latest - if: github.repository == 'taskmedia/helm_ipsec-vpn-server' - steps: - - name: Checkout - uses: actions/checkout@v6 - with: - fetch-depth: 0 - - - uses: azure/setup-helm@v4 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - - name: bump release version (Chart.yaml) - env: - TAG_NAME: ${{ github.event.release.tag_name }} - run: yq -i ".version = \"$(echo ${TAG_NAME:1})\"" charts/ipsec-vpn-server/Chart.yaml - - - name: commit version bump - uses: stefanzweifel/git-auto-commit-action@v7 - with: - branch: main - commit_message: "chore(release): update version to ${{ github.event.release.tag_name }}" - commit_options: "--no-verify" - file_pattern: charts/ipsec-vpn-server/Chart.yaml - - - name: move release tag - shell: bash - run: | - git tag --force ${{ github.event.release.tag_name }} HEAD - git push --force origin ${{ github.event.release.tag_name }} - - - name: update latest tag - shell: bash - run: | - git tag --force latest HEAD - git push --force origin latest - - - name: Create release binary - run: | - helm package charts/ipsec-vpn-server --destination release/ - - - name: login ghcr registry - run: echo '${{ secrets.GITHUB_TOKEN }}' | docker login ghcr.io -u taskmedia --password-stdin - - - name: push Helm chart to ghcr - run: helm push ./release/*tgz oci://ghcr.io/taskmedia - - - name: Update Index - env: - GH_PAGES_URL: github.com/taskmedia/helm - REPO_NAME: ipsec-vpn-server - HELM_URL: https://helm.task.media/ - run: | - rm -rf ./gh-pages.zip - rm -rf ./repo - curl -sSLO https://${GH_PAGES_URL}/archive/gh-pages.zip - unzip -o ./gh-pages.zip -d ./repo/ - mv -f ./repo/helm-gh-pages/* ./repo - rm -rf ./repo/helm-gh-pages/ - mkdir -p ./repo/${REPO_NAME} || true - cp ./release/*tgz ./repo/${REPO_NAME}/ - cp ./README.md ./repo/${REPO_NAME}/index.md - helm repo index --merge ./repo/index.yaml --url ${HELM_URL} ./repo - - - name: Deploy - uses: 
JamesIves/github-pages-deploy-action@v4.7.4 - with: - repository-name: taskmedia/helm - branch: gh-pages - ssh-key: ${{ secrets.DEPLOY_KEY_BLOG }} - folder: repo - clean: false diff --git a/helm_ipsec-vpn-server/.github/workflows/test.yaml b/helm_ipsec-vpn-server/.github/workflows/test.yaml deleted file mode 100644 index 944438a..0000000 --- a/helm_ipsec-vpn-server/.github/workflows/test.yaml +++ /dev/null @@ -1,48 +0,0 @@ -name: Lint and Test Charts - -on: pull_request - -jobs: - lint-test: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v6 - with: - fetch-depth: 0 - - - name: Set up Helm - uses: azure/setup-helm@v4 - with: - version: v3.10.0 - - - uses: actions/setup-python@v6 - with: - python-version: '3.9' - check-latest: true - - - name: Set up chart-testing - uses: helm/chart-testing-action@v2.8.0 - - - name: Run chart-testing (list-changed) - id: list-changed - run: | - changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) - if [[ -n "$changed" ]]; then - echo "changed=true" >> $GITHUB_OUTPUT - fi - - - name: Run chart-testing (lint) - if: steps.list-changed.outputs.changed == 'true' - run: | - ct lint \ - --check-version-increment=false \ - --target-branch ${{ github.event.repository.default_branch }} - - - name: Create kind cluster - uses: helm/kind-action@v1.13.0 - if: steps.list-changed.outputs.changed == 'true' - - - name: Run chart-testing (install) - if: steps.list-changed.outputs.changed == 'true' - run: ct install --all --chart-dirs charts diff --git a/helm_paperlessngx-backup/.github/workflows/release.yaml b/helm_paperlessngx-backup/.github/workflows/release.yaml deleted file mode 100644 index 9400e87..0000000 --- a/helm_paperlessngx-backup/.github/workflows/release.yaml +++ /dev/null 
@@ -1,78 +0,0 @@ -name: Release -on: - release: - types: [published] -jobs: - build-and-deploy: - runs-on: ubuntu-latest - if: github.repository == 'taskmedia/helm_paperlessngx-backup' - steps: - - name: Checkout - uses: actions/checkout@v6 - with: - fetch-depth: 0 - - - uses: azure/setup-helm@v4 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - - name: bump release version (Chart.yaml) - env: - TAG_NAME: ${{ github.event.release.tag_name }} - run: yq -i ".version = \"$(echo ${TAG_NAME:1})\"" charts/paperlessngx-backup/Chart.yaml - - - name: commit version bump - uses: stefanzweifel/git-auto-commit-action@v6 - with: - branch: main - commit_message: "chore(release): update version to ${{ github.event.release.tag_name }}" - commit_options: "--no-verify" - file_pattern: charts/paperlessngx-backup/Chart.yaml - - - name: move release tag - shell: bash - run: | - git tag --force ${{ github.event.release.tag_name }} HEAD - git push --force origin ${{ github.event.release.tag_name }} - - - name: update latest tag - shell: bash - run: | - git tag --force latest HEAD - git push --force origin latest - - - name: Create release binary - run: | - helm package charts/paperlessngx-backup --destination release/ - - - name: login ghcr registry - run: echo '${{ secrets.GITHUB_TOKEN }}' | docker login ghcr.io -u taskmedia --password-stdin - - - name: push Helm chart to ghcr - run: helm push ./release/*tgz oci://ghcr.io/taskmedia - - - name: Update Index - env: - GH_PAGES_URL: github.com/taskmedia/helm - REPO_NAME: paperlessngx-backup - HELM_URL: https://helm.task.media/ - run: | - rm -rf ./gh-pages.zip - rm -rf ./repo - curl -sSLO https://${GH_PAGES_URL}/archive/gh-pages.zip - unzip -o ./gh-pages.zip -d ./repo/ - mv -f ./repo/helm-gh-pages/* ./repo - rm -rf ./repo/helm-gh-pages/ - mkdir -p ./repo/${REPO_NAME} || true - cp ./release/*tgz ./repo/${REPO_NAME}/ - cp ./README.md ./repo/${REPO_NAME}/index.md - helm repo index --merge ./repo/index.yaml --url ${HELM_URL} ./repo - - - name: 
Deploy - uses: JamesIves/github-pages-deploy-action@v4.7.4 - with: - repository-name: taskmedia/helm - branch: gh-pages - ssh-key: ${{ secrets.DEPLOY_KEY_BLOG }} - folder: repo - clean: false diff --git a/helm_vpn-ios-profile/.github/release-drafter.yml b/helm_vpn-ios-profile/.github/release-drafter.yml deleted file mode 100644 index 2a6a9ec..0000000 --- a/helm_vpn-ios-profile/.github/release-drafter.yml +++ /dev/null @@ -1,39 +0,0 @@ -name-template: "v$RESOLVED_VERSION" -tag-template: "v$RESOLVED_VERSION" -categories: - - title: "🔥 Enhancements" - labels: - - "enhancement" - - "feature" - - title: "🐛 Bug Fixes" - labels: - - "fix" - - "bug" - - title: "📓 Documentation" - labels: - - "documentation" - - title: "🛂 Test" - labels: - - "test" - - title: "🐋 Docker" - labels: - - "docker" -exclude-labels: - - "skip-changelog" -change-template: "- $TITLE @$AUTHOR (#$NUMBER)" -change-title-escapes: '\<*_&' # You can add # and @ to disable mentions, and add ` to disable code blocks. -version-resolver: - major: - labels: - - "major" - minor: - labels: - - "minor" - patch: - labels: - - "patch" - default: patch -template: | - ## Changes since - $PREVIOUS_TAG - - $CHANGES diff --git a/helm_vpn-ios-profile/.github/workflows/release-drafter.yaml b/helm_vpn-ios-profile/.github/workflows/release-drafter.yaml deleted file mode 100644 index 6c09ced..0000000 --- a/helm_vpn-ios-profile/.github/workflows/release-drafter.yaml +++ /dev/null @@ -1,15 +0,0 @@ -name: release drafter - -on: - workflow_dispatch: - push: - branches: - - main - -jobs: - update_release_draft: - runs-on: ubuntu-latest - steps: - - uses: release-drafter/release-drafter@v5 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/helm_vpn-ios-profile/.github/workflows/release.yaml b/helm_vpn-ios-profile/.github/workflows/release.yaml deleted file mode 100644 index a30d319..0000000 --- a/helm_vpn-ios-profile/.github/workflows/release.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -name: Release -on: - release: - types: [published] -jobs: - build-and-deploy: - runs-on: ubuntu-latest - if: github.repository == 'taskmedia/helm_vpn-ios-profile' - steps: - - name: Checkout - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - - uses: azure/setup-helm@v3 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - - name: Create release binary - run: | - helm dependency update - - - name: Create release binary - run: | - helm package ./ --destination release/ - - - name: login ghcr registry - run: echo '${{ secrets.GITHUB_TOKEN }}' | docker login ghcr.io -u taskmedia --password-stdin - - - name: push Helm chart to ghcr - run: helm push ./release/*tgz oci://ghcr.io/taskmedia - - - name: Update Index - env: - GH_PAGES_URL: github.com/taskmedia/helm - REPO_NAME: vpn-ios-profile - HELM_URL: https://helm.task.media/ - run: | - rm -rf ./gh-pages.zip - rm -rf ./repo - curl -sSLO https://${GH_PAGES_URL}/archive/gh-pages.zip - unzip -o ./gh-pages.zip -d ./repo/ - mv -f ./repo/helm-gh-pages/* ./repo - rm -rf ./repo/helm-gh-pages/ - cp ./release/*tgz ./repo/${REPO_NAME}/ - cp ./README.md ./repo/${REPO_NAME}/index.md - helm repo index --merge ./repo/index.yaml --url ${HELM_URL} ./repo - - - name: Deploy - uses: JamesIves/github-pages-deploy-action@v4.2.5 - with: - repository-name: taskmedia/helm - branch: gh-pages - ssh-key: ${{ secrets.DEPLOY_KEY_BLOG }} - folder: repo - clean: false diff --git a/helm_vpn-ios-profile/.github/workflows/test.yaml b/helm_vpn-ios-profile/.github/workflows/test.yaml deleted file mode 100644 index a1cd818..0000000 --- a/helm_vpn-ios-profile/.github/workflows/test.yaml +++ /dev/null 
@@ -1,49 +0,0 @@ -name: Test Helm chart - -on: - pull_request: - - push: - branches: - - "main" - -jobs: - test: - name: Test Helm chart - runs-on: ubuntu-latest - - steps: - - name: checkout repository - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: set up Helm - uses: azure/setup-helm@v1 - with: - version: v3.8.1 - - - name: setup python - uses: actions/setup-python@v2 - with: - python-version: 3.8 - - - name: set up chart-testing - uses: helm/chart-testing-action@v2.2.1 - - - name: run chart-testing (lint) - run: | - ct lint \ - --charts ./ - - - name: create kind cluster - uses: helm/kind-action@v1.2.0 - - - name: setup chart dependency repository - run: | - helm repo add taskmedia https://helm.task.media/ - - - name: run chart-testing (install) - run: | - ct install \ - --charts ./