integrated core and webpresence, cleaned up dir tree and notes

This commit is contained in:
Sebastian Wendel 2022-11-29 14:16:04 +01:00
parent 66e6581f11
commit 4f5d7833fb
No known key found for this signature in database
GPG key ID: 1422B7DF78144640
75 changed files with 448 additions and 1023 deletions

.envrc

@ -1,7 +1,4 @@
use flake use flake
watch_file ./nix/checks.nix
watch_file ./nix/dev-shell.nix
eval "$shellHook" eval "$shellHook"

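--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,4 @@ charts
 temp
 site
 !base/charts
+.pre-commit-config.yaml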
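Review bot: Ignoring `.pre-commit-config.yaml` while the tracked copy is deleted in this commit (section at L78–L99) means the hook set, including `detect-private-key`, is no longer shared through the repository; every contributor has to recreate it and a secret-scanning hook can silently disappear. That matters here because the removed external-dns values (section at L561–L572) carried a plaintext TSIG key on the `--rfc2136-tsig-secret=` line; deleting the file does not remove it from history, so that key should be treated as exposed and rotated on the DNS server. Keeping a tracked pre-commit config, or an equivalent secret-scanning job in `.gitlab-ci.yml`, would catch a repeat; if the goal is per-developer customisation, track the shared config and gitignore only a local override file instead.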


@ -1,47 +1,23 @@
--- ---
variables:
NIX_VERSION: "latest"
NIX_CONFIG: "experimental-features = nix-command flakes recursive-nix"
default: default:
image: nixpkgs/nix-unstable:${NIX_VERSION} tags:
timeout: 1 hours - nix
before_script: before_script:
# - nix flake show - nix develop
# - nix profile install --inputs-from . 'nixpkgs#direnv'
# - direnv hook bash >> ~/.bashrc
# - . ~/.bashrc
# - . /etc/profile
# - env
# - direnv allow
# - direnv status
# - direnv reload
# - cd $(pwd)
- nix profile install --inputs-from . 'nixpkgs#yamllint'
- nix profile install --inputs-from . 'nixpkgs#mdl'
- nix profile install --inputs-from . 'nixpkgs#kubectl'
- nix profile install --inputs-from . 'nixpkgs#kubernetes-helm'
- nix profile install --inputs-from . 'nixpkgs#kustomize'
stages: stages:
- test - test
- build - build
- release
- deploy
lint.yaml: lint.yaml:
stage: test stage: test
script: script:
- yamllint -f auto . - yamllint -f auto .
lint.markdown: lint.kustomize.dev:
stage: test stage: build
script: mdl .
kustomize.dev:
stage: test
script: kubectl kustomize overlays/dev --enable-helm script: kubectl kustomize overlays/dev --enable-helm
kustomize.prod: lint.kustomize.prod:
stage: test stage: build
script: kubectl kustomize overlays/prod --enable-helm script: kubectl kustomize overlays/prod --enable-helm
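Review bot: `- nix develop` in `before_script` opens a shell and returns when that shell exits, so nothing it provides is visible to the `script:` commands that follow; `yamllint` and `kubectl` will only resolve if the runner tagged `nix` already ships them, which this page cannot confirm. Running each job's command through the dev shell keeps the toolchain pinned by the flake, e.g. `script: - nix develop --command yamllint -f auto .` and `- nix develop --command kubectl kustomize overlays/dev --enable-helm`, and the `before_script` line can then go. The two `lint.kustomize.*` jobs also fetch charts over the network via `--enable-helm`; that is acceptable while chart versions stay pinned in the kustomizations, but a short comment saying so would save the next reader from wondering why a lint job needs network access.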


@ -1,22 +0,0 @@
---
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.3.0
hooks:
- id: check-added-large-files
- id: check-builtin-literals
- id: check-case-conflict
- id: check-docstring-first
- id: check-json
- id: check-merge-conflict
- id: check-yaml
- id: detect-private-key
- id: double-quote-string-fixer
- id: end-of-file-fixer
- id: trailing-whitespace
- repo: https://github.com/adrienverge/yamllint
rev: v1.27.1
hooks:
- id: yamllint
files: '.*(?<!\.yaml)$'


@ -16,20 +16,11 @@ help: ## Display this help.
##@ Setup ##@ Setup
up: k3d-create olm-install ## Create a local k3d development cluster with operator lifecycle manager. up: ## Create a local K3D development cluster.
down: k3d-delete ## Delete the local k3d development cluster. @k3d cluster create interfacer-swkit --config k3s-dev.yaml
olm-install: ## Install the Operator Framework Lifecycle Manager. down: ## Delete the local K3D development cluster
@operator-sdk olm install @k3d cluster delete interfacer-swkit
olm-uninstall: ## Uninstall the Operator Framework Lifecycle Manager.
@operator-sdk olm uninstall
k3d-create: ## Create a local K3D development cluster.
@k3d cluster create fcos-dev --config ci/k3d-fcos-dev.yaml
k3d-delete: ## Delete the local K3D development cluster
@k3d cluster delete fcos-dev
##@ Lint ##@ Lint
@ -44,11 +35,6 @@ markdown-lint: ## Lint all Markdown files.
manifest-lint: ## Lint the Kubenetes manifest. manifest-lint: ## Lint the Kubenetes manifest.
@kubectl kustomize overlays/dev --enable-helm | kubeconform -ignore-missing-schemas -strict @kubectl kustomize overlays/dev --enable-helm | kubeconform -ignore-missing-schemas -strict
##@ Test
conftest: ## Test the Kubernetes manifest against the policies.
@kubectl kustomize overlays/dev --enable-helm | conftest test -p test -
##@ Build ##@ Build
doc: ## Build the documentation using mkdocs. doc: ## Build the documentation using mkdocs.
@ -57,9 +43,21 @@ doc: ## Build the documentation using mkdocs.
manifest: ## Build Kubernetes manifest using Kustomize and Helm. manifest: ## Build Kubernetes manifest using Kustomize and Helm.
@kubectl kustomize overlays/dev --enable-helm @kubectl kustomize overlays/dev --enable-helm
deploy: ## Apply the manifest to the local Kubernetes development cluster. deploy: deploy-dev ## Apply the manifest to the local Kubernetes development cluster.
deploy-dev: ## Apply the manifest to the local Kubernetes development cluster.
@kubectl kustomize overlays/dev/ --enable-helm | kubectl apply --server-side=true -f - @kubectl kustomize overlays/dev/ --enable-helm | kubectl apply --server-side=true -f -
deploy-prod: ## Apply the manifest to the Kubernetes production cluster.
@kubectl kustomize overlays/prod/ --enable-helm | kubectl apply --server-side=true -f -
remove: ## Remove the namespaces from the Kubernetes cluster.
@kubectl delete namespaces \
cert-manager \
gitea \
interfacer-core \
interfacer-webpresence
clean: down up ## Clean the local Kubernetes development cluster. clean: down up ## Clean the local Kubernetes development cluster.
##@ Show ##@ Show
@ -85,36 +83,10 @@ get-node: ## Get all Kubernetes nodes.
watch-all: ## Watch the state of all Kubernetes resources. watch-all: ## Watch the state of all Kubernetes resources.
@watch -n 1 kubectl get all --all-namespaces @watch -n 1 kubectl get all --all-namespaces
get-olm-status: ## Get the state of the Operator Framework Lifecycle Manager.
@operator-sdk olm status
get-olm-cat: ## Get the catalog sources of the Operator Framework Lifecycle Manager.
@kubectl get catalogsources.operators.coreos.com --all-namespaces
get-olm-subs: ## Get the catalog subscriptions of the Operator Framework Lifecycle Manager.
@kubectl get subscriptions.operators.coreos.com --all-namespaces
get-olm-pkgs: ## Get the package manifest of the Operator Framework Lifecycle Manager.
@kubectl get packagemanifest --all-namespaces
get-olm-ip: ## Get the install plans of the Operator Framework Lifecycle Manager.
@kubectl get installplans.operators.coreos.com --all-namespaces
##@ Log ##@ Log
olm: ## Show logs of the Operator Framework Lifecycle Manager.
@kubectl logs -f deployment.apps/olm-operator --all-containers -n olm
events: ## Show all Kubernetes cluster events. events: ## Show all Kubernetes cluster events.
@kubectl get events --watch --all-namespaces @kubectl get events --watch --all-namespaces
##@ Tools
nav: ## Start K9s to view and manage your Kubernetes clusters.
@k9s --all-namespaces --headless
lens: ## Start Lens to view and manage your Kubernetes clusters.
@nohup lens > /dev/null 2>&1&
%: %:
@true @true
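Review bot: `deploy-prod` and `remove` act on whatever `kubectl` context happens to be current, exactly like `deploy-dev`, so a stale context turns `make remove` into deleting the `cert-manager`, `gitea`, `interfacer-core` and `interfacer-webpresence` namespaces on production, and `make deploy-prod` can land the prod overlay on the local k3d cluster. Making the destination part of the command avoids that, e.g. `kubectl --context "$(PROD_CONTEXT)" apply --server-side=true -f -` with `PROD_CONTEXT` a required make variable (name constructed here), and `--context k3d-interfacer-swkit` on the dev-side `apply` and `delete` calls. `up` now points at `k3s-dev.yaml` where the old target used `ci/k3d-fcos-dev.yaml`; the new path is not visible on this page, so confirm the file was moved rather than dropped.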


@ -1,47 +1,36 @@
<p align="center"> <p align="center">
<img src="https://www.fabcity.hamburg/wp-content/uploads/2021/04/cropped-Fab_City_Hamburg@4x-192x192.png" alt="FabCity Hamburg" width="192" height="192" /> <img src="https://raw.githubusercontent.com/dyne/interfacer-docs/main/docs/_media/general/interfacer-logo.png" alt="Interfacer" />
</p> </p>
<h1 align="center">FabCityOS Kubernetes Integration Repo</h1> <h1 align="center">Interfacer SWKit for Kubernetes ⚓️</h1>
<h4 align="center"> <h4 align="center">
<a href="https://github.com/FabCityOS Core/FabCityOS Core">Helm Chart</a> |
<a href="https://reflowos.dyne.org/docs/what_is_reflowOS">Documentation</a> |
<a href="https://matrix.to/#/#fcos:fabcity.hamburg">Element</a> |
<a href="https://www.interfacerproject.eu/">Website</a> | <a href="https://www.interfacerproject.eu/">Website</a> |
<a href="https://www.interfacerproject.eu/#news">Blog</a> | <a href="https://www.interfacerproject.eu/#news">Blog</a>
</h4> </h4>
<p align="center"> <p align="center">
<a href="https://gitlab.fabcity.hamburg/software/fabcity-os-core-chart/LICENSE"><img src="https://img.shields.io/badge/license-AGPL-informational" alt="License"></a> <a href="https://gitlab.fabcity.hamburg/software/interfacer-swkit/LICENSE"><img src="https://img.shields.io/badge/license-AGPL-informational" alt="License"></a>
<a href="https://gitlab.fabcity.hamburg/software/fabcity-os-core-chart/-/pipelines"><img src="https://gitlab.fabcity.hamburg/software/fabcity-os-core-chart/badges/main/pipeline.svg" alt="Build status"></a> <a href="https://gitlab.fabcity.hamburg/software/interfacer-swkit/-/pipelines"><img src="https://gitlab.fabcity.hamburg/software/interfacer-swkit/badges/main/pipeline.svg" alt="Pipeline"></a>
<a href="https://matrix.to/#/#fcos:fabcity.hamburg"><img src="https://img.shields.io/badge/Matrix-FCOS-blue.svg?logo=element" alt="Element"></a> <a href="https://matrix.to/#/#fcos:fabcity.hamburg"><img src="https://img.shields.io/badge/Matrix-FCOS-blue.svg?logo=element" alt="Matrix"></a>
</p> </p>
<p align="center">The FabCityOS Integration Repo for Kubernetes ⚓️</p> This Repo is designed to be a lightweight way to configure the Interfacer SWKit applications. Interfacer SWKit is a bundle of Applications to enabling a data-based circular economy via global collaboration and local production.
This Integration repo is designed to be a lightweight way to configure FabCityOS applications.
**FabCityOS** is an operating system enabling a data-based circular economy via global collaboration and local production.
## Table of Contents <!-- omit in toc --> ## Table of Contents <!-- omit in toc -->
- [📖 Documentation](#-documentation) - [📖 Documentation](#-documentation)
- [🚀 Getting Started](#-getting-started) - [🚀 Getting Started](#-getting-started)
- [Repository structure](#repository-structure) - [Repository structure](#repository-structure)
- [🤖 Compatibility with FabCityOS](#-compatibility-with-fabcityos) - [Install kubectl](#install-kubectl)
- [Install helm](#install-helm)
- [⚙️ Development Workflow and Contributing](#-development-workflow-and-contributing) - [⚙️ Development Workflow and Contributing](#-development-workflow-and-contributing)
## 📖 Documentation ## 📖 Documentation
- [k3d](https://k3d.io/)
- [kubectl](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands) - [kubectl](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands)
- [kustomize](https://kubectl.docs.kubernetes.io/guides/) - [kustomize](https://kubectl.docs.kubernetes.io/guides/)
- [helm](https://helm.sh/docs/) - [helm](https://helm.sh/docs/)
- [kubectx](https://kubectx.dev/)
- [kube-linter](https://github.com/stackrox/kube-linter)
- [k9s](https://k9scli.io/)
- [sops](https://github.com/mozilla/sops)
- [cert-manager](https://cert-manager.io/docs/)y - [cert-manager](https://cert-manager.io/docs/)y
## 🚀 Getting Started ## 🚀 Getting Started
@ -53,59 +42,42 @@ First of all, you will need a Kubernetes cluster up and running. If you are not
### Repository structure ### Repository structure
```yaml ```yaml
├── apps # kustomize global applications folder ├── base # kustomize global objects folder
│   ├── wordpress # kustomize global application folder │   ├── kustomization.yaml # kustomize global application config
│   │ ├── kustomization.yaml # kustomize global application definition │   └── ... # kustomize global cluster objects
│   │   ├── charts # helm global chart config folder ├── apps # kustomize global applications folder
│   │ └── ... # kustomize global application objects │   ├── gitea # kustomize global application folder
│   └── ... # kustomize global applications objects │   │ ├── kustomization.yaml # kustomize global application definition
├── base # kustomize global objects folder │   │   ├── charts # helm global chart config folder
│   ├── kustomization.yaml # kustomize global application config │   │ └── ... # kustomize global application objects
│   └── ... # kustomize global cluster objects │   └── ... # kustomize global applications objects
├── overlays # kustomize environment overrides ├── overlays # kustomize environment overrides
│   ├── dev # kustomize environment folder │   ├── dev # kustomize environment specific
│   │   ├── kustomization.yaml # kustomize environment definition │   │   ├── kustomization.yaml # kustomize environment definition
│   │   └── apps # kustomize applications folder │   │   └── cert-manager # kustomize applications folder
│   │   └── cert-manager # kustomize application folder │   │   ├── kustomization.yaml # kustomize application config
│   │   ├── kustomization.yaml # kustomize application config │   │   └── ... # kustomize application objects
│   │   └── ... # kustomize application objects │   └── ... # kustomize environment folder
│   └── ... # kustomize environment folder ├── .envrc # direnv support file
├── .envrc # direnv support file └── flake.nix # nix flake for local runtime dependency
├── default.nix # nixos flake legacy support file
├── flake.lock # nixos flake versions lock file
├── flake.nix # nixos local runtime dependency
├── shell.nix # nixos local development shell
``` ```
### Install kubectl <!-- omit in toc --> ### Install kubectl
`kubectl` is the most commonly used CLI to manage a Kubernetes cluster. The installation instructions are [available here](https://kubernetes.io/docs/tasks/tools/install-kubectl/). `kubectl` is the most commonly used CLI to manage a Kubernetes cluster. The installation instructions are [available here](https://kubernetes.io/docs/tasks/tools/install-kubectl/).
### Deploy FabCityOS <!-- omit in toc --> ### Install helm
#### Install Kustomize <!-- omit in toc --> `helm` is a Command Line Interface which will automate chart management and installation on your Kubernetes cluster. To install Helm, follow the [Helm installation instructions](https://helm.sh/docs/intro/install/).
Kustomize CLI is a Command Line Interface which will automate configuration management on your Kubernetes cluster. To install Kustomize, follow the [Kustomize installation instructions](https://kubectl.docs.kubernetes.io/installation/kustomize/). #### Deploy the SWKit <!-- omit in toc -->
#### Install helm <!-- omit in toc -->
Helm CLI is a Command Line Interface which will automate chart management and installation on your Kubernetes cluster. To install Helm, follow the [Helm installation instructions](https://helm.sh/docs/intro/install/).
#### Deploy FabCityOS <!-- omit in toc -->
```sh ```sh
kubectl kustomize overlays/prod --enable-helm | kubectl apply -f - git clone https://gitlab.fabcity.hamburg/software/interfacer-swkit.git
cd interfacer-swkit
kubectl kustomize --enable-helm | kubectl apply -f -
``` ```
## 🤖 Compatibility with FabCityOS
We recommend that the Helm chart version is aligned to the version of the product you want to deploy. This will ensure that you are using a chart version that has been tested against the corresponding production version.
This will also ensure that the documentation and examples for the chart will work with the version of the product, you are installing.
For example, if you want to deploy an fcos `0.1.0` cluster, use the corresponding `0.1.0` [tag][fcos-010].
The `master` version of these charts is intended to support the latest pre-release versions of our products, and therefore may or may not work with current released versions.
## ⚙️ Development Workflow and Contributing ## ⚙️ Development Workflow and Contributing
Any new contribution is more than welcome in this project! Any new contribution is more than welcome in this project!


@ -4,8 +4,7 @@ resources:
- namespace.yaml - namespace.yaml
helmCharts: helmCharts:
- name: gitea - name: gitea
version: v5.0.9 version: 6.0.3
releaseName: fcos-gitea releaseName: interfacer-gitea
namespace: gitea namespace: gitea
repo: https://dl.gitea.io/charts/ repo: https://dl.gitea.io/charts/
valuesFile: values.yaml
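Review bot: Dropping `valuesFile: values.yaml` disconnects the chart from the sibling values file this same commit keeps editing (the section at L267–L302 with the new host, resource limits and `APP_NAME`), so those settings would no longer reach the `interfacer-gitea` release and the chart's defaults would apply instead. Unless the values were intentionally abandoned, keep `valuesFile: values.yaml` under the chart entry. Going from chart `v5.0.9` to `6.0.3` crosses a major version; combined with the new `releaseName` it installs as a fresh release rather than upgrading in place, which sidesteps a breaking upgrade but also leaves any existing `fcos-gitea` release and its data where they are, so a note on the migration path would help.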


@ -4,11 +4,11 @@ service:
http: http:
type: ClusterIP type: ClusterIP
port: 3000 port: 3000
clusterIP: clusterIP: ""
ssh: ssh:
type: ClusterIP type: ClusterIP
port: 22 port: 22
clusterIP: clusterIP: ""
ingress: ingress:
enabled: true enabled: true
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
@ -16,20 +16,20 @@ ingress:
kubernetes.io/ingress.class: nginx kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true" kubernetes.io/tls-acme: "true"
hosts: hosts:
- host: code.dev.fabcity-hamburg.de - host: code.k8s.dev.fabcity-hamburg.de
paths: paths:
- path: / - path: /
pathType: Prefix pathType: Prefix
resources: resources:
limits:
cpu: 100m
memory: 128Mi
requests: requests:
cpu: 100m cpu: 100m
memory: 128Mi memory: 128Mi
limits:
cpu: 250m
memory: 256Mi
gitea: gitea:
config: config:
APP_NAME: "Fab City Codebase" APP_NAME: "Interfacer Codebase"
log: log:
ENABLE_ACCESS_LOG: true ENABLE_ACCESS_LOG: true
metrics: metrics:


@ -0,0 +1,10 @@
---
namespace: interfacer-core
resources:
- namespace.yaml
helmCharts:
- name: fcoscore
version: 0.1.0
releaseName: interfacer-core
namespace: interfacer-core
repo: https://gitlab.fabcity.hamburg/api/v4/projects/248/packages/helm/alpha


@ -2,4 +2,4 @@
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: postgresql name: interfacer-core


@ -0,0 +1,27 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: interfacer-webpresence-deployment
spec:
selector:
matchLabels:
app: interfacer-webpresence
replicas: 2
template:
metadata:
labels:
app: interfacer-webpresence
spec:
containers:
- name: webpresence
image: fabcityhamburg/interfacer-webpresence:latest
ports:
- containerPort: 80
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "128Mi"
cpu: "500m"
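Review bot: The container declares `containerPort: 80` without a name, while the Service added in this same commit (section at L377–L389) uses `targetPort: http`, so the Service resolves no port and its endpoints stay empty; add `name: http` under `- containerPort: 80`, or switch the Service to `targetPort: 80`. `image: fabcityhamburg/interfacer-webpresence:latest` is a mutable tag, which makes rollouts non-reproducible and lets an upstream push change what both replicas run; pin a version tag or digest and set `imagePullPolicy` explicitly. The pod also has no `securityContext`; for a plain HTTP server `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` are the usual baseline, though whether the image can bind port 80 as non-root cannot be told from this page.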


@ -0,0 +1,6 @@
---
namespace: interfacer-webpresence
resources:
- namespace.yaml
- deployment.yaml
- service.yaml


@ -2,4 +2,4 @@
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: keycloak name: interfacer-webpresence


@ -0,0 +1,12 @@
---
apiVersion: v1
kind: Service
metadata:
name: interfacer-webpresence
spec:
type: ClusterIP
ports:
- name: http
port: 4141
targetPort: http
protocol: TCP

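--- a/apps/kustomization.yaml
+++ b/apps/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+resources:
+- gitea
+- interfacer-webpresence
+- interfacer-core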


@ -1,30 +0,0 @@
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: letsencrypt-acme-staging
spec:
acme:
email: hostmaster@fabcity-hamburg.de
server: https://acme-staging-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-acme-key-staging
solvers:
- http01:
ingress:
class: nginx
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: letsencrypt-acme
spec:
acme:
email: hostmaster@fabcity-hamburg.de
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-acme-key
solvers:
- http01:
ingress:
class: nginx


@ -1,36 +0,0 @@
---
apiVersion: postgres-operator.crunchydata.com/v1beta1
kind: PostgresCluster
metadata:
name: fcos-keycloak-postgresql-cluster
spec:
postgresVersion: 14
instances:
- replicas: 1
dataVolumeClaimSpec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: 1Gi
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
topologyKey: kubernetes.io/hostname
labelSelector:
matchLabels:
postgres-operator.crunchydata.com/cluster: keycloak-db
postgres-operator.crunchydata.com/instance-set: "00"
backups:
pgbackrest:
repos:
- name: repo1
volume:
volumeClaimSpec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: 1Gi


@ -1,16 +0,0 @@
---
apiVersion: k8s.keycloak.org/v2alpha1
kind: Keycloak
metadata:
name: fcos-keycloak
spec:
instances: 1
hostname: id.dev.fabcity-hamburg.de
serverConfiguration:
- name: db
value: postgres
- name: db-url
secret:
name: fcos-keycloak-postgresql-cluster-pguser-fcos-keycloak-postgresql-cluster
key: jdbc-uri
tlsSecret: tls-keycloak


@ -1,6 +0,0 @@
---
namespace: keycloak
resources:
- database.yaml
- instance.yaml
- realm.yaml


@ -1,4 +0,0 @@
---
resources:
- cert-manager
# - keycloak


@ -0,0 +1,11 @@
---
# namespace: cert-manager
resources:
- namespace.yaml
helmCharts:
- name: cert-manager
version: v1.10.1
releaseName: interfacer-cert-manager
repo: https://charts.jetstack.io
namespace: cert-manager
valuesFile: values.yaml
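Review bot: This adds the cert-manager chart (`v1.10.1`, with `installCRDs: true` in the values section at L531–L533), but the same commit deletes the `letsencrypt-acme` and `letsencrypt-acme-staging` Issuers (section at L404–L434) and nothing replaces them, so the `kubernetes.io/tls-acme: "true"` annotation on the gitea ingress (L281) has no issuer to request certificates from. Either add a `ClusterIssuer` next to this kustomization and reference it from the ingress with `cert-manager.io/cluster-issuer: <issuer-name>`, or configure the controller's default issuer through the chart values. The commented-out `# namespace: cert-manager` at the top reads as leftover debugging; the chart entry already sets `namespace: cert-manager`, so delete the line or say why the kustomization-level namespace is disabled.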


@ -0,0 +1,2 @@
---
installCRDs: true


@ -1,11 +0,0 @@
---
namespace: external-dns
resources:
- namespace.yaml
helmCharts:
- name: external-dns
version: 1.11.0
releaseName: fcos-external-dns
namespace: external-dns
repo: https://kubernetes-sigs.github.io/external-dns/
valuesFile: values.yaml


@ -1,5 +0,0 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: external-dns


@ -1,11 +0,0 @@
---
provider: rfc2136
extraArgs:
- --rfc2136-host=dns.svc.mesh.sourceindex.de
- --rfc2136-port=53
- --rfc2136-zone=dev.fabcity-hamburg.de
- --rfc2136-tsig-keyname=k8s
- --rfc2136-tsig-secret=vIGI59apswrajcLTuw3j9xX9/Y/LewNtxJwqXxI3sUEQYvxRjQH7PuVtcEEXu4vr
- --rfc2136-tsig-secret-alg=hmac-sha384
- --rfc2136-tsig-axfr
- --domain-filter=dev.fabcity-hamburg.de


@ -1,5 +0,0 @@
---
resources:
- ingress-nginx
- external-dns
- gitea


@ -4,8 +4,8 @@ resources:
- namespace.yaml - namespace.yaml
helmCharts: helmCharts:
- name: ingress-nginx - name: ingress-nginx
version: 4.2.0 version: 4.4.0
releaseName: fcos-ingress-nginx releaseName: interfacer-ingress-nginx
repo: https://kubernetes.github.io/ingress-nginx repo: https://kubernetes.github.io/ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
valuesFile: values.yaml valuesFile: values.yaml


@ -1,5 +1,4 @@
--- ---
resources: resources:
- operators - cert-manager
- charts # - ingress-nginx
- apps
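Review bot: Commenting out `- ingress-nginx` removes the only ingress controller from what appears to be the base kustomization, while the gitea values still create an `Ingress` with `kubernetes.io/ingress.class: nginx` (L280) and the ingress-nginx chart is still being bumped in this commit (L583–L593); unless an overlay or the k3d cluster supplies an nginx-class controller, that ingress never gets an address. If the controller is meant to come from elsewhere, say so in place of the bare comment, e.g. `# ingress-nginx: provided by the cluster, not by base`, and delete the now-unreferenced ingress-nginx kustomization rather than leaving it half-wired. Dropping `- operators`, `- charts` and `- apps` here and re-rooting the applications in the new `apps/kustomization.yaml` (L392–L400) also means each overlay that previously got the apps via base must now reference the apps directory itself; the overlays are not on this page, so confirm they were updated.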


@ -1,6 +0,0 @@
---
namespace: cert-manager
resources:
- namespace.yaml
- subscription.yaml
- operatorgroup.yaml


@ -1,5 +0,0 @@
---
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
name: cert-manager


@ -1,11 +0,0 @@
---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
name: cert-manager
spec:
name: cert-manager
channel: stable
source: operatorhubio-catalog
sourceNamespace: olm
installPlanApproval: Automatic


@ -1,6 +0,0 @@
---
namespace: keycloak
resources:
- namespace.yaml
- subscription.yaml
- operatorgroup.yaml


@ -1,5 +0,0 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: keycloak


@ -1,8 +0,0 @@
---
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
name: keycloak
spec:
targetNamespaces:
- keycloak


@ -1,11 +0,0 @@
---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
name: keycloak
spec:
name: keycloak-operator
channel: candidate
source: operatorhubio-catalog
sourceNamespace: olm
installPlanApproval: Automatic


@ -1,5 +0,0 @@
---
resources:
- cert-manager
- postgresql
- keycloak


@ -1,6 +0,0 @@
---
namespace: postgresql
resources:
- namespace.yaml
- subscription.yaml
- operatorgroup.yaml


@ -1,8 +0,0 @@
---
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
name: postgresql
spec:
targetNamespaces:
- keycloak


@ -1,11 +0,0 @@
---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
name: postgresql
spec:
name: postgresql
channel: v5
source: operatorhubio-catalog
sourceNamespace: olm
installPlanApproval: Automatic


@ -1,6 +0,0 @@
(import (let lock = builtins.fromJSON (builtins.readFile ./flake.lock);
in fetchTarball {
url =
"https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
sha256 = lock.nodes.flake-compat.locked.narHash;
}) { src = ./.; }).defaultNix


@ -1,7 +0,0 @@
# Gitea
* <https://gitea.com/gitea/helm-chart/>
```sh
kubectl get secrets --namespace gitea fcos-gitea-inline-config -o jsonpath="{.data.admin}" | base64 --decode
```


@ -1,10 +0,0 @@
# Keycloak
```sh
kubectl get secrets --namespace keycloak fcos-keycloak-initial-admin -o jsonpath="{.data.username}" | base64 --decode
kubectl get secrets --namespace keycloak fcos-keycloak-initial-admin -o jsonpath="{.data.password}" | base64 --decode
```
```sh
python -c 'import sys, yaml, json; print(yaml.dump(json.loads(sys.stdin.read())))' < realm-export.json > realm-export.yaml
```



@ -1,51 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg
width="64.6567"
height="64.999603"
viewBox="0 0 64.6567 64.999603"
fill="none"
version="1.1"
id="svg930"
sodipodi:docname="fchh-logo.svg"
inkscape:version="1.1.2 (0a00cf5339, 2022-02-04)"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns="http://www.w3.org/2000/svg"
xmlns:svg="http://www.w3.org/2000/svg">
<defs
id="defs934" />
<sodipodi:namedview
id="namedview932"
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1.0"
inkscape:pageshadow="2"
inkscape:pageopacity="0.0"
inkscape:pagecheckerboard="0"
showgrid="false"
fit-margin-top="0"
fit-margin-left="0"
fit-margin-right="0"
fit-margin-bottom="0"
inkscape:zoom="8.4"
inkscape:cx="62.619048"
inkscape:cy="32.440476"
inkscape:window-width="1910"
inkscape:window-height="1164"
inkscape:window-x="0"
inkscape:window-y="0"
inkscape:window-maximized="1"
inkscape:current-layer="svg930" />
<path
d="M 48.5249,27.8242 V 9.80015 C 48.5247,9.61602 48.4761,9.43519 48.384,9.27578 48.2918,9.11638 48.1594,8.984 47.9999,8.89194 L 32.8528,0.140666 C 32.6931,0.048514 32.5121,0 32.3278,0 32.1435,0 31.9624,0.048514 31.8028,0.140666 L 16.6539,8.89019 C 16.4944,8.98225 16.362,9.11463 16.2698,9.27403 16.1777,9.43344 16.1291,9.61427 16.1289,9.7984 v 18.0258 l 15.6739,-9.0575 c 0.1596,-0.0922 0.3407,-0.1407 0.525,-0.1407 0.1843,0 0.3653,0.0485 0.525,0.1407 z"
fill="#35a58e"
id="path910" />
<path
d="m 32.3271,55.8487 15.6057,9.0102 c 0.1596,0.0922 0.3407,0.1407 0.525,0.1407 0.1843,0 0.3653,-0.0485 0.525,-0.1407 l 15.1489,-8.7495 c 0.1594,-0.092 0.2919,-0.2244 0.384,-0.3838 0.0922,-0.1594 0.1408,-0.3403 0.141,-0.5244 v -17.499 c -2e-4,-0.1842 -0.0488,-0.365 -0.141,-0.5244 -0.0921,-0.1594 -0.2246,-0.2918 -0.384,-0.3838 L 48.5278,27.8047 v 18.0765 c -2e-4,0.1841 -0.0488,0.365 -0.141,0.5244 -0.0921,0.1594 -0.2245,0.2918 -0.384,0.3838 z"
fill="#3a70ca"
id="path912" />
<path
d="m 32.3278,55.8487 -15.6057,9.0102 c -0.1596,0.0922 -0.3407,0.1407 -0.525,0.1407 -0.1843,0 -0.3653,-0.0485 -0.5249,-0.1407 L 0.524972,56.1094 C 0.365518,56.0174 0.233077,55.885 0.140935,55.7256 0.0487924,55.5662 1.88854e-4,55.3853 0,55.2012 V 37.7022 C 1.88854e-4,37.518 0.0487924,37.3372 0.140935,37.1778 0.233077,37.0184 0.365518,36.886 0.524972,36.794 L 16.1289,27.8047 v 18.0765 c 2e-4,0.1841 0.0488,0.365 0.1409,0.5244 0.0922,0.1594 0.2246,0.2918 0.3841,0.3838 z"
fill="#eb4544"
id="path914" />
</svg>



@ -1,3 +0,0 @@
# Basics
## Concepts


@ -1,142 +0,0 @@
# Contributing <!-- omit in toc -->
First of all, thank you for contributing to FabCityOS! The goal of this document is to provide everything you need to know in order to contribute to FabCityOS and its different integrations.
- [Assumptions](#assumptions)
- [How to Contribute](#how-to-contribute)
- [Development Workflow](#development-workflow)
- [Git Guidelines](#git-guidelines)
- [Release Process (for internal team only)](#release-process-for-internal-team-only)
## Assumptions
1. **You're familiar with [Gitlab](https://about.gitlab.com/learn/) and the [Merge Request](https://docs.gitlab.com/ee/user/project/merge_requests/creating_merge_requests.html)(PR) workflow.**
2. **You've read the FabCityOS [documentation](https://www.interfacerproject.eu/) and the [README](/README.md).**
3. **You know about the FabCityOS [community](https://matrix.to/#/#fcos:fabcity.hamburg). Please use this for help.**
## How to Contribute
1. Make sure that the contribution you want to make is explained or detailed in a GitHub issue! Find an [existing issue](https://gitlab.fabcity.hamburg/software/fabcity-os-core-chart/-/issues) or [open a new one](https://gitlab.fabcity.hamburg/software/fabcity-os-core-chart/-/issues/new).
2. Once done, [fork the FabCityOS Core Chart repository](https://docs.gitlab.com/ee/user/project/repository/forking_workflow.html) in your Gitlab account. Ask a maintainer if you want your issue to be checked before making a PR.
3. [Create a new Git branch](https://docs.gitlab.com/ee/user/project/repository/web_editor.html#create-a-new-branch).
4. Review the [Development Workflow](#development-workflow) section that describes the steps to maintain the repository.
5. Make the changes on your branch.
6. [Submit the branch as a PR](https://docs.gitlab.com/ee/user/project/merge_requests/index.html) pointing to the `main` branch of the main fabcity-os-core-chart repository. A maintainer should comment and/or review your Pull Request within a few days. Although depending on the circumstances, it may take longer.<br>
We do not enforce a naming convention for the PRs, but **please use something descriptive of your changes**, having in mind that the title of your PR will be automatically added to the next [release changelog](https://gitlab.fabcity.hamburg/software/fabcity-os-core-chart/releases/).
## Development Workflow
### Setup <!-- omit in toc -->
In order to use the different tools on this repository, you will first need to:
- [Install Kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) on your machine. This will allow you to run commands against your Kubernetes cluster with the `kubectl` command.
- [Install Helm](https://helm.sh/docs/intro/install/). This will allow you to run the `helm` command, enabling the installation and manipulation of Helm charts.
- A Kubernetes cluster up and running. Any Kubernetes cluster can be used, on the cloud or locally installed on your machine. This can be easily achieved by [installing k3d](https://k3d.io/#installation), and creating a local cluster by running:
- [Optional: Use the Nix Package Manager](https://nix.dev/tutorials/install-nix). This will allow you to make use of the [nixpkgs](https://github.com/NixOS/nixpkgs), automatically managing all required dependencies from the `nix shell env`. In addition you also need the [nixpkgs: direnv](https://search.nixos.org/packages?query=direnv) for automatic environment selection.
#### Setup the development Cluster <!-- omit in toc -->
```bash
k3d cluster create --config test/k3d-fcos-dev.yaml
k3d cluster list
k3d node list
kubectl get --output wide nodes
kubectl get --all-namespaces pods
```
#### Deploy FabCityOS to the the development Cluster<!-- omit in toc -->
```sh
kubectl kustomize overlays/dev --enable-helm | kubectl apply -f -
```
#### Watch all resources <!-- omit in toc -->
```sh
watch -n 1 kubectl get all --all-namespaces
```
#### Remove the development Cluster <!-- omit in toc -->
```sh
k3d cluster delete --all
```
### Tests and Linter <!-- omit in toc -->
Each PR should pass the linter to be accepted.
```bash
# Linter
helm lint .
```
Each PR should also check if the generated file `manifests/fcos.yaml` is updated with the new modifications.
You can generated the manifest with the command line:
```bash
helm template fcos . | grep -v 'helm.sh/chart:\|app.kubernetes.io/managed-by:' > manifests/FabCityOS.yaml
```
Or just by comment the PR:
```txt
@FabCityOS sync-manifest
```
Additionally, the CI will run a test to check if there are changes introduced to the charts. If changes were introduced, it will require you to update the Chart version.
## Git Guidelines
### Git Branches <!-- omit in toc -->
All changes must be made in a branch and submitted as PR.
We do not enforce any branch naming style, but please use something descriptive of your changes.
### Git Commits <!-- omit in toc -->
As minimal requirements, your commit message should:
- be capitalized
- not finish by a dot or any other punctuation character (!,?)
- start with a verb so that we can read your commit message this way: "This commit will ...", where "..." is the commit message.
e.g.: "Fix the home page button" or "Add more tests for create_index method"
We don't follow any other convention, but if you want to use one, we recommend [this one](https://chris.beams.io/posts/git-commit/).
### Pull Requests <!-- omit in toc -->
Some notes on PRs:
<!-- TODO: fix links -->
- [Convert your PR as a draft]() if your changes are a work in progress: no one will review it until you pass your PR as ready for review.<br>
The draft PR can be very useful if you want to show that you are working on something and make your work visible.
- The branch related to the PR must be **up-to-date with `main`** before merging. Fortunately, this project [integrates a bot]() to automatically enforce this requirement without the PR author having to do it manually.
- All PRs must be reviewed and approved by at least one maintainer.
- The PR title should be accurate and descriptive of the changes. The title of the PR will be indeed automatically added to the next [release changelogs]().
## Release Process (for internal team only)
FabCityOS tools follow the [Semantic Versioning Convention](https://semver.org/).
### Automation to Rebase and Merge the PRs <!-- omit in toc -->
This project integrates a bot that helps us manage pull requests merging.<br>
_[Read more about this]()._
### How to Publish the Release <!-- omit in toc -->
⚠️ Before doing anything, make sure you got through the guide about [Releasing an Integration]().
⚠️ Every PR that is merged to `main` introducing changes to the Helm Chart needs to modify the file, by increasing the version of the chart accordingly.
Every PR that is merged to `main` triggers the automated release process, as specified at [``](). A GitHub Action will be triggered and publish a new release on the GitHub repository [releases](). This will enable users to start using the new version of the chart immediately after publishing.
<hr>
Thank you again for reading this through, we can not wait to begin to work with you if you made your way through this contributing guide ❤️


@ -1,11 +0,0 @@
# Getting Started
## Overview
## Features
## Supported Providers
## Resources
## Security


@ -1,113 +0,0 @@
<p align="center">
<img src="https://www.fabcity.hamburg/wp-content/uploads/2021/04/cropped-Fab_City_Hamburg@4x-192x192.png" alt="FabCity Hamburg" width="192" height="192" />
</p>
<h1 align="center">FabCityOS Kubernetes Integration Repo</h1>
<h4 align="center">
<a href="https://github.com/FabCityOS Core/FabCityOS Core">Helm Chart</a> |
<a href="https://reflowos.dyne.org/docs/what_is_reflowOS">Documentation</a> |
<a href="https://matrix.to/#/#fcos:fabcity.hamburg">Element</a> |
<a href="https://www.interfacerproject.eu/">Website</a> |
<a href="https://www.interfacerproject.eu/#news">Blog</a> |
</h4>
<p align="center">
<a href="https://gitlab.fabcity.hamburg/software/fabcity-os-core-chart/LICENSE"><img src="https://img.shields.io/badge/license-AGPL-informational" alt="License"></a>
<a href="https://gitlab.fabcity.hamburg/software/fabcity-os-core-chart/-/pipelines"><img src="https://gitlab.fabcity.hamburg/software/fabcity-os-core-chart/badges/main/pipeline.svg" alt="Build status"></a>
<a href="https://matrix.to/#/#fcos:fabcity.hamburg"><img src="https://img.shields.io/badge/Matrix-FCOS-blue.svg?logo=element" alt="Element"></a>
</p>
<p align="center">The FabCityOS Integration Repo for Kubernetes ⚓️</p>
This Integration repo is designed to be a lightweight way to configure FabCityOS applications.
**FabCityOS** is an operating system enabling a data-based circular economy via global collaboration and local production.
## Table of Contents <!-- omit in toc -->
- [📖 Documentation](#-documentation)
- [🚀 Getting Started](#-getting-started)
- [Repository structure](#repository-structure)
- [🤖 Compatibility with FabCityOS](#-compatibility-with-fabcityos)
- [⚙️ Development Workflow and Contributing](#-development-workflow-and-contributing)
## 📖 Documentation
- [k3d](https://k3d.io/)
- [kubectl](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands)
- [kustomize](https://kubectl.docs.kubernetes.io/guides/)
- [helm](https://helm.sh/docs/)
- [kubectx](https://kubectx.dev/)
- [kube-linter](https://github.com/stackrox/kube-linter)
- [k9s](https://k9scli.io/)
- [sops](https://github.com/mozilla/sops)
- [cert-manager](https://cert-manager.io/docs/)y
## 🚀 Getting Started
Kubernetes (K8s), is an open-source system for automating deployment, scaling, and management of containerized applications. You can run a FabCityOS Core instance inside your Kubernetes cluster, either if you want to expose it to the outside world or just let some other applications use it inside your cluster and take advantage of the instant and powerful search engine.
First of all, you will need a Kubernetes cluster up and running. If you are not familiar with how Kuberentes works or need some help with this step, please check the [Kubernetes documentation](https://kubernetes.io/docs/home/).
### Repository structure
```yaml
├── apps # kustomize global applications folder
│   ├── wordpress # kustomize global application folder
│   │ ├── kustomization.yaml # kustomize global application definition
│   │   ├── charts # helm global chart config folder
│   │ └── ... # kustomize global application objects
│   └── ... # kustomize global applications objects
├── base # kustomize global objects folder
│   ├── kustomization.yaml # kustomize global application config
│   └── ... # kustomize global cluster objects
├── overlays # kustomize environment overrides
│   ├── dev # kustomize environment folder
│   │   ├── kustomization.yaml # kustomize environment definition
│   │   └── apps # kustomize applications folder
│   │   └── cert-manager # kustomize application folder
│   │   ├── kustomization.yaml # kustomize application config
│   │   └── ... # kustomize application objects
│   └── ... # kustomize environment folder
├── .envrc # direnv support file
├── default.nix # nixos flake legacy support file
├── flake.lock # nixos flake versions lock file
├── flake.nix # nixos local runtime dependency
├── shell.nix # nixos local development shell
```
### Install kubectl <!-- omit in toc -->
`kubectl` is the most commonly used CLI to manage a Kubernetes cluster. The installation instructions are [available here](https://kubernetes.io/docs/tasks/tools/install-kubectl/).
### Deploy FabCityOS <!-- omit in toc -->
#### Install Kustomize <!-- omit in toc -->
Kustomize CLI is a Command Line Interface which will automate configuration management on your Kubernetes cluster. To install Kustomize, follow the [Kustomize installation instructions](https://kubectl.docs.kubernetes.io/installation/kustomize/).
#### Install helm <!-- omit in toc -->
Helm CLI is a Command Line Interface which will automate chart management and installation on your Kubernetes cluster. To install Helm, follow the [Helm installation instructions](https://helm.sh/docs/intro/install/).
#### Deploy FabCityOS <!-- omit in toc -->
```sh
kubectl kustomize overlays/prod --enable-helm | kubectl apply -f -
```
## 🤖 Compatibility with FabCityOS
We recommend that the Helm chart version is aligned to the version of the product you want to deploy. This will ensure that you are using a chart version that has been tested against the corresponding production version.
This will also ensure that the documentation and examples for the chart will work with the version of the product, you are installing.
For example, if you want to deploy an fcos `0.1.0` cluster, use the corresponding `0.1.0` [tag][fcos-010].
The `master` version of these charts is intended to support the latest pre-release versions of our products, and therefore may or may not work with current released versions.
## ⚙️ Development Workflow and Contributing
Any new contribution is more than welcome in this project!
If you want to know more about the development workflow or want to contribute, please visit our [contributing guidelines](/CONTRIBUTING.md) for detailed instructions!


@ -3,11 +3,11 @@
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1650374568, "lastModified": 1668681692,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8", "rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -18,11 +18,11 @@
}, },
"flake-utils": { "flake-utils": {
"locked": { "locked": {
"lastModified": 1656928814, "lastModified": 1667395993,
"narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -31,27 +31,117 @@
"type": "github" "type": "github"
} }
}, },
"gitignore": {
"inputs": {
"nixpkgs": [
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1660459072,
"narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1657425264, "lastModified": 1669542132,
"narHash": "sha256-3aHvoI2e8vJKw3hvnHECaBpSsL5mxVsVtaLCnTdNcH8=", "narHash": "sha256-DRlg++NJAwPh8io3ExBJdNW7Djs3plVI5jgYQ+iXAZQ=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "de5b3dd17034e6106e75746e81618e5bd408de8a", "rev": "a115bb9bd56831941be3776c8a94005867f316a7",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-unstable-small", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable": {
"locked": {
"lastModified": 1668984258,
"narHash": "sha256-0gDMJ2T3qf58xgcSbYoXiRGUkPWmKyr5C3vcathWhKs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "cf63ade6f74bbc9d2a017290f1b2e33e8fbfa70a",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-22.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1668994630,
"narHash": "sha256-1lqx6HLyw6fMNX/hXrrETG1vMvZRGm2XVC9O/Jt0T6c=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "af50806f7c6ab40df3e6b239099e8f8385f6c78b",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"gitignore": "gitignore",
"nixpkgs": "nixpkgs_2",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1669152228,
"narHash": "sha256-FEDReoTLWJHXcNso7aaAlAUU7uOqIR6Hc/C/nqlfooE=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "078b0dee35e2da01334af682ec347463b70a9986",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "nixpkgs": "nixpkgs",
"flake-utils": "flake-utils", "pre-commit-hooks": "pre-commit-hooks",
"nixpkgs": "nixpkgs" "utils": "utils"
}
},
"utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
} }
} }
}, },

106
flake.nix

@ -1,22 +1,96 @@
{ {
description = "SRX frugal bioreactor"; description = "Interfacer SWKit";
inputs = { inputs = {
nixpkgs = { url = "github:NixOS/nixpkgs/nixos-unstable-small"; }; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
flake-compat = { utils.url = "github:numtide/flake-utils";
url = "github:edolstra/flake-compat"; pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";
flake = false;
};
flake-utils.url = "github:numtide/flake-utils";
}; };
outputs = { self, nixpkgs, flake-utils, ... }@inputs: outputs = {
flake-utils.lib.eachSystem [ "x86_64-linux" ] (system: self,
let nixpkgs,
pkgs = import nixpkgs { pre-commit-hooks,
inherit system; utils,
config = { ...
allowUnfree = true; }:
allowBroken = true; utils.lib.eachDefaultSystem (
system: let
pkgs = nixpkgs.legacyPackages.${system};
in {
checks = {
pre-commit-check = pre-commit-hooks.lib.${system}.run {
src = utils.lib.cleanSource ./.;
hooks = {
alejandra.enable = true;
nix-linter.enable = true;
statix .enable = true;
};
settings.nix-linter.checks = [
"DIYInherit"
"EmptyInherit"
"EmptyLet"
"EtaReduce"
"LetInInheritRecset"
"ListLiteralConcat"
"NegateAtom"
"SequentialLet"
"SetLiteralUpdate"
"UnfortunateArgName"
"UnneededRec"
"UnusedArg"
"UnusedLetBind"
"UpdateEmptySet"
"BetaReduction"
"EmptyVariadicParamSet"
"UnneededAntiquote"
"no-FreeLetInFunc"
"no-AlphabeticalArgs"
"no-AlphabeticalBindings"
];
}; };
}; };
in { devShells.default = import ./shell.nix { inherit pkgs; }; }); devShell = with pkgs;
mkShell {
name = "interfacer.swkit";
nativeBuildInputs = with pkgs; [
alejandra
cmctl
conftest
docker
dotenv-linter
editorconfig-checker
git
gnumake
k9s
kube3d
kubeconform
kubectl
kubectx
kubernetes-helm
kubeval
kubeval-schema
kustomize
mdl
mdsh
nix-linter
pre-commit
rnix-lsp
vscodium-fhs
yaml-language-server
yamllint
yq
];
postInstall = ''
. <(helm completion $(basename $SHELL))
. <(k3d completion $(basename $SHELL))
. <(kubectl completion $(basename $SHELL))
. <(ct completion $(basename $SHELL))
'';
shellHook = ''
${self.checks.${system}.pre-commit-check.shellHook}
'';
};
}
);
} }
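Review bot: The shell-completion lines under `postInstall` never run for a `mkShell` entered with `nix develop`; `postInstall` is a build-phase hook, and the dev shell does not execute build phases, so only `shellHook` is evaluated. Move them into `shellHook` next to the pre-commit hook, and drop the `ct completion` line since `ct` is not in `nativeBuildInputs` and that line would fail at shell start. Also `statix .enable = true;` carries a stray space that Nix tolerates but reads as a typo; write `statix.enable = true;`. The `devShell` output name is the legacy form the previous revision had already moved away from; `devShells.default` is the current convention, so consider keeping it.
```nix
shellHook = ''
  ${self.checks.${system}.pre-commit-check.shellHook}
  . <(helm completion $(basename $SHELL))
  . <(k3d completion $(basename $SHELL))
  . <(kubectl completion $(basename $SHELL))
'';
# … unchanged: nativeBuildInputs list …
```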


@ -1,7 +1,7 @@
--- ---
apiVersion: k3d.io/v1alpha4 apiVersion: k3d.io/v1alpha4
kind: Simple kind: Simple
image: docker.io/rancher/k3s:v1.23.8-k3s1 image: docker.io/rancher/k3s:v1.23.14-k3s1
servers: 1 servers: 1
agents: 2 agents: 2
ports: ports:


@ -1,34 +0,0 @@
site_name: Fab City OS
site_description: A Kubernetes environment to rollout the Fab City OS Core and Software Kit.
site_author: Fab City Hamburg e. V.
site_url: https://fabcityos.fabcity.hamburg/
repo_url: https://gitlab.fabcity.hamburg/software/fabcity-os-integration/
copyright: © 2022 <a href="https://www.interfacerproject.eu/">INTERFACER, All rights reserved.</a>.
theme:
name: material
locale: en
logo: assets/fc_logo.svg
favicon: assets/fc_logo.ico
nav:
- Home: index.md
- Getting started: getting-started.md
- Application:
- Keycloak: applications/keycloak.md
- Gitea: applications/gitea.md
- Development:
- Contributing: development/contributing.md
markdown_extensions:
- attr_list
- md_in_html
- tables
- toc
- pymdownx.highlight:
anchor_linenums: true
- pymdownx.inlinehilite
- pymdownx.snippets
- pymdownx.superfences
plugins:
- search
extra:
generator: false
homepage: https://www.interfacerproject.eu/


@ -1,4 +1,4 @@
--- ---
namespace: cert-manager namespace: cert-manager
resources: resources:
- selfsigned.yaml - letsencrypt.yaml


@ -0,0 +1,15 @@
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: letsencrypt
spec:
acme:
email: hostmaster@fabcity-hamburg.de
server: https://acme-staging-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-key
solvers:
- http01:
ingress:
class: nginx
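Review bot: This file creates a namespaced `kind: Issuer`, but the gitea and interfacer-webpresence Ingress manifests in this commit request certificates with `cert-manager.io/cluster-issuer: letsencrypt`, so cert-manager will look for a ClusterIssuer of that name, find none, and issue nothing; the prod Issuer added in this commit has the same mismatch. Either make this `kind: ClusterIssuer` (the selfsigned issuer it replaces was cluster-scoped) or switch the Ingress annotation to `cert-manager.io/issuer: letsencrypt` and put an Issuer in each application namespace. The staging ACME endpoint is the right choice for dev, but HTTP-01 only succeeds if the solver Ingress is reachable from the internet on port 80, which a local k3d cluster usually is not; confirm that is intended for the dev overlay.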


@ -1,24 +0,0 @@
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: selfsigned-issuer
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: selfsigned-issuer
spec:
isCA: true
duration: 8760h
secretName: tls-selfsigned-issuer
commonName: selfsigned-issuer
subject:
organizations:
- k8s-local-dev
issuerRef:
name: selfsigned-issuer
kind: ClusterIssuer
group: cert-manager.io


@ -0,0 +1,22 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: gitea
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
spec:
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: gitea
port:
name: http
tls:
- hosts:
- code.k8s.dev.fabcity-hamburg.de
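Review bot: The `tls` entry lists a host but no `secretName`, so cert-manager's ingress-shim has nowhere to store a certificate and will not create one, and the controller will fall back to its default certificate for code.k8s.dev.fabcity-hamburg.de. The `rules` entry has no `host` either, which makes it a catch-all: any hostname reaching the controller is routed to gitea. Add `host: code.k8s.dev.fabcity-hamburg.de` to the rule and `secretName: gitea-tls` under `tls`; the interfacer-webpresence Ingress in this commit has the same two gaps. The `kubernetes.io/ingress.class` annotation is deprecated for networking.k8s.io/v1 objects; `spec.ingressClassName: nginx` is the supported form.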


@ -0,0 +1,24 @@
---
namespace: gitea
# patches:
# - target:
# kind: Ingress
# group: networking.k8s.io
# version: v1
# labelSelector: "app=gitea"
# patch: |-
# - op: replace
# path: /spec/rules
# value:
# - host: code.k8s.dev.fabcity-hamburg.de
# http:
# paths:
# - path: /
# pathType: Prefix
# - op: replace
# path: /spec/tls
# value:
# - secretName: gitea-tls
# hosts:
# - code.k8s.dev.fabcity-hamburg.de
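Review bot: This kustomization declares only `namespace: gitea` and a commented-out patch and has no `resources`, so if the gitea Ingress added in this commit lives in this directory it is never rendered, even though the dev overlay lists `gitea`. Add `resources:` with `- ingress.yaml`, as the interfacer-webpresence kustomization in this commit does, or drop the directory from the overlay. The commented-out patch block should go rather than stay as dead configuration; git history keeps it.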


@ -1,26 +0,0 @@
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: tls-keycloak
labels:
app: keycloak
spec:
secretName: tls-keycloak
isCA: false
privateKey:
algorithm: RSA
encoding: PKCS1
size: 2048
rotationPolicy: Always
subject:
organizations:
- keycloak
duration: 2160h
renewBefore: 360h
issuerRef:
name: selfsigned-issuer
kind: ClusterIssuer
commonName: "id.dev.fabcity-hamburg.de"
dnsNames:
- "id.dev.fabcity-hamburg.de"


@ -1,4 +0,0 @@
---
namespace: keycloak
resources:
- certificate.yaml


@ -1,5 +1,6 @@
--- ---
resources: resources:
- ../../base - ../../base
- ../../apps
- cert-manager - cert-manager
- keycloak - gitea


@ -0,0 +1,15 @@
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: letsencrypt
spec:
acme:
email: hostmaster@fabcity-hamburg.de
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-key
solvers:
- http01:
ingress:
class: nginx


@ -1,24 +0,0 @@
---
namespace: gitea
patches:
- target:
kind: Ingress
group: networking.k8s.io
version: v1
labelSelector: "app=gitea"
patch: |-
- op: replace
path: /spec/rules
value:
- host: code.fabcity-hamburg.de
http:
paths:
- path: /
pathType: Prefix
- op: replace
path: /spec/tls
value:
- secretName: gitea-tls
hosts:
- code.fabcity-hamburg.de


@ -0,0 +1,22 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: interfacer-webpresence
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
spec:
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: interfacer-webpresence
port:
name: http
tls:
- hosts:
- www.k8s.dev.fabcity-hamburg.de


@ -0,0 +1,3 @@
---
resources:
- ingress.yaml


@ -1,44 +0,0 @@
---
namespace: keycloak
patches:
- target:
kind: PostgresCluster
group: postgres-operator.crunchydata.com
version: v1beta1
patch: |-
- op: replace
path: /spec/instances
value:
- replicas: 2
dataVolumeClaimSpec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: 1Gi
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
topologyKey: kubernetes.io/hostname
labelSelector:
matchLabels:
postgres-operator.crunchydata.com/cluster: keycloak-db
postgres-operator.crunchydata.com/instance-set: "00"
- target:
kind: Keycloak
group: k8s.keycloak.org
version: v2alpha1
patch: |-
- op: replace
path: /spec/instances
value: 2
- target:
kind: Keycloak
group: k8s.keycloak.org
version: v2alpha1
patch: |-
- op: replace
path: /spec/hostname
value: id.fabcity-hamburg.de


@ -1,17 +1,6 @@
--- ---
resources: resources:
- ../../base - ../../base
- keycloak - ../../apps
- gitea - cert-manager
patches: - interfacer-webpresence
- target:
kind: Ingress
group: networking.k8s.io
version: v1
patch: |-
- op: replace
path: /metadata/annotations
value:
kubernetes.io/ingress.class: "nginx"
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: "letsencrypt-acme


@ -1,54 +0,0 @@
{ pkgs ? import <nixpkgs> { } }:
with pkgs;
mkShell {
name = "fcos.integration";
buildInputs = with pkgs; [
cmctl
conftest
editorconfig-checker
git
gnumake
hadolint
k9s
krew
kube-score
kube3d
kubeconform
kubectl
kubectx
kubernetes-helm
kubeval
kubeval-schema
kustomize
lens
mdl
mdsh
minio
nix-linter
nixpkgs-fmt
open-policy-agent
operator-sdk
pre-commit
python310Packages.mkdocs
python310Packages.mkdocs-material
python310Packages.mkdocs-material-extensions
rnix-lsp
vscodium-fhs
yamale
yaml-language-server
yamllint
yq
];
postInstall = ''
. <(helm completion $(basename $SHELL))
. <(k3d completion $(basename $SHELL))
. <(k9s completion $(basename $SHELL))
. <(kubectl completion $(basename $SHELL))
. <(kustomize completion $(basename $SHELL))
. <(opa completion $(basename $SHELL))
. <(operator-sdk completion $(basename $SHELL))
'';
}


@ -1,20 +0,0 @@
package main
import data.kubernetes
name = input.metadata.name
required_deployment_labels {
input.metadata.labels["app.kubernetes.io/name"]
input.metadata.labels["app.kubernetes.io/instance"]
input.metadata.labels["app.kubernetes.io/version"]
input.metadata.labels["app.kubernetes.io/component"]
input.metadata.labels["app.kubernetes.io/part-of"]
input.metadata.labels["app.kubernetes.io/managed-by"]
}
deny[msg] {
kubernetes.is_deployment
not required_deployment_labels
msg = sprintf("%s must include Kubernetes recommended labels: https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/#labels", [name])
}


@ -1,7 +0,0 @@
package main
deny[msg] {
input.kind = "Deployment"
not input.spec.template.spec.securityContext.runAsNonRoot = true
msg = sprintf("%s Containers must not run as root", [name])
}


@ -1,11 +0,0 @@
package main
import data.kubernetes
name = input.metadata.name
deny[msg] {
input.kind = "Deployment"
not input.spec.selector.matchLabels.app
msg = sprintf("%s must provide app label for pod selectors: https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/#labels", [name])
}