Switch DNS provider to hetzner

README.md

@@ -83,14 +83,37 @@ kubectl create secret generic digitalocean-api-key --from-literal=token=$DIGITAL
 ```
 
 #### Postgres
-copy secret over to goatchat namespace
+
+#### synapse
+```sh
+kubectl create secret generic goatchatca-signingkey --from-literal=signing.key=$GOATCHAT_SYNAPSE_SIGNING_KEY
+
+```
+copy secret from datastore over to goatchat namespace
 ```sh
 kubectl get secrets -n datastore postgres-pguser-synapse -o json | jq 'del(.metadata.resourceVersion,.metadata.uid,.metadata.ownerReferences) | .metadata.creationTimestamp=null,.metadata.namespace="goatchat"' | kubectl apply -f -
 ```
+delete synapse db and recreate with correct locale
+```sh
+PRIMARY_POD=$(kubectl -n datastore get pods --selector='postgres-operator.crunchydata.com/cluster=postgres,postgres-operator.crunchydata.com/role=master' -o jsonpath='{.items[*].metadata.labels.statefulset\.kubernetes\.io/pod-name}')
+PGPASSWORD=$(kubectl -n datastore get secrets  "postgres-pguser-grant" -o go-template='{{.data.password | base64decode}}')
 
-#### synapse
+kubectl -n datastore exec -it "$PRIMARY_POD" -- psql -c 'DROP DATABASE synapse;'
+kubectl -n datastore exec -it "$PRIMARY_POD" -- createdb --encoding=UTF8 --locale=C --template=template0 --owner=synapse synapse
 ```
-kubectl create secret generic goatchatca-signingkey --from-literal=signing.key=$GOATCHAT_SYNAPSE_SIGNING_KEY
+
+#### gitea
+copy secret from datastore over to goatchat namespace
+```sh
+kubectl get secrets -n datastore postgres-pguser-gitea -o json | jq 'del(.metadata.resourceVersion,.metadata.uid,.metadata.ownerReferences) | .metadata.creationTimestamp=null,.metadata.namespace="gitea"' | kubectl apply -f -
+```
+delete gitea db and recreate with correct locale
+```sh
+PRIMARY_POD=$(kubectl -n datastore get pods --selector='postgres-operator.crunchydata.com/cluster=postgres,postgres-operator.crunchydata.com/role=master' -o jsonpath='{.items[*].metadata.labels.statefulset\.kubernetes\.io/pod-name}')
+PGPASSWORD=$(kubectl -n datastore get secrets  "postgres-pguser-grant" -o go-template='{{.data.password | base64decode}}')
+
+kubectl -n datastore exec -it "$PRIMARY_POD" -- psql -c 'DROP DATABASE gitea;'
+kubectl -n datastore exec -it "$PRIMARY_POD" -- createdb --encoding=UTF8 --locale=C --template=template0 --owner=gitea gitea
 ```
 
 #### Ghost Blogs

helmfile.lock

@@ -6,6 +6,9 @@ dependencies:
 - name: ghost
   repository: https://charts.bitnami.com/bitnami
   version: 22.1.19
+- name: gitea
+  repository: https://dl.gitea.io/charts
+  version: 11.0.0
 - name: k8up
   repository: https://k8up-io.github.io/k8up
   version: 4.8.4
@@ -14,7 +17,7 @@ dependencies:
   version: 20.4.1
 - name: matrix-synapse
   repository: https://ananace.gitlab.io/charts
-  version: 3.11.4
+  version: 3.11.5
 - name: pgo
   repository: git+https://github.com/grantdhunter/postgres-operator@helm?ref=main
   version: 5.7.2
@@ -27,8 +30,11 @@ dependencies:
 - name: rook-ceph-cluster
   repository: https://charts.rook.io/release
   version: v1.16.5
+- name: tailscale-operator
+  repository: https://pkgs.tailscale.com/helmcharts
+  version: 1.80.3
 - name: traefik
   repository: https://traefik.github.io/charts
   version: 34.4.1
-digest: sha256:639b864ac6cbaa4164f58c388865d7a2796abbfacec9e69c5c077e1452cb557c
-generated: "2025-03-09T19:02:38.355742026-06:00"
+digest: sha256:14c9bc504c5060f8bbce5ec9a8df737a19a7216428a31c1cb34ef5c6648e45c5
+generated: "2025-03-12T21:27:22.529913117-06:00"

helmfile.yaml

@@ -15,6 +15,10 @@ repositories:
     url: https://immich-app.github.io/immich-charts
   - name: k8up-io
     url: https://k8up-io.github.io/k8up
+  - name: tailscale
+    url: https://pkgs.tailscale.com/helmcharts
+  - name: gitea
+    url: https://dl.gitea.io/charts
 releases:
   # networking
   - name: metallb
@@ -32,6 +36,17 @@ releases:
         value: {{ requiredEnv "ACME_EMAIL" }}
       - name: extraObjects[0].stringData.password
         value: {{ requiredEnv "TRAEFIK_ADMIN_PASSWORD" }}
+  - name: tailscale-operator
+    namespace: tailscale
+    createNamespace: true
+    chart: tailscale/tailscale-operator
+    setString:
+      - name: oauth.clientId
+        value: {{ requiredEnv "TAILSCALE_OAUTH_CLIENT_ID" }}
+      - name: oauth.clientSecret
+        value: {{ requiredEnv "TAILSCALE_OAUTH_CLIENT_SECRET" }}
+      - name: apiServerProxyConfig.mode
+        value: noauth
   # storage infrastructure
   - name: rook-ceph
     namespace: rook-ceph
@@ -114,6 +129,16 @@ releases:
       - name: ghostUsername
         value: {{ requiredEnv "GHOST_53LL_USER_NAME" }}
 
+  # dev tools
+  - name: gitea
+    namespace: gitea
+    createNamespace: true
+    chart: gitea/gitea
+    values:
+      - ./gitea/values.yaml
+    setString:
+      - name: gitea.admin.password
+        value: {{ requiredEnv "GITEA_ADMIN_PASSWORD" }}
   # backup
   - name: k8up
     namespace: k8up

postgres/values.yaml

@@ -12,11 +12,16 @@ users:
     databases:
       - postgres
       - synapse
+      - gitea     
     options: "SUPERUSER LOGIN"
   - name: synapse
     databases:
       - synapse
     options: "LOGIN"
+  - name: gitea
+    databases:
+      - gitea
+    options: "LOGIN"      
     
     
   

rook-ceph-cluster/values.yaml

@@ -9,19 +9,19 @@ cephClusterSpec:
   resources:
     mgr:
       requests:
-        cpu: 250m
+        cpu: 150m
         memory: 256Mi
       limits:
         cpu: "1"
     mon:
       requests:
-        cpu: 250m
+        cpu: 150m
         memory: 256Mi
       limits:
         cpu: "1"        
     osd:
       requests:
-        cpu: 250m
+        cpu: 150m
         memory: 256Mi
       limits:
         cpu: "1"

traefik/values.yaml

@@ -8,10 +8,10 @@ deployment:
           mountPath: /data
 
 env:
- - name: DO_AUTH_TOKEN
+ - name: HETZNER_API_KEY
    valueFrom:
      secretKeyRef:
-       name: digitalocean-api-key
+       name: hetzner-api-key
        key: token
 
 additionalArguments:
@@ -52,7 +52,7 @@ certificatesResolvers:
   letsencrypt:
     acme:
       dnschallenge:
-        provider: digitalocean
+        provider: hetzner
         delaybeforecheck: 30
       email: # set through cli args
       storage: /data/acme.json