From 360069a8e8201903c662ce891deabea162e4cac5 Mon Sep 17 00:00:00 2001
From: Paul Payne <paul@payne.io>
Date: Fri, 8 Aug 2025 09:27:48 -0700
Subject: [PATCH] Adds redis password. Adds tlsSecretName config to manifests.

---
 apps/example-admin/manifest.yaml          |  2 ++
 apps/example-app/manifest.yaml            |  2 ++
 apps/future-apps.md                       | 36 -----------------------
 apps/ghost/manifest.yaml                  |  1 +
 apps/immich/deployment-microservices.yaml | 13 ++++++++
 apps/immich/deployment-server.yaml        |  5 ++++
 apps/immich/manifest.yaml                 |  2 ++
 apps/keila/manifest.yaml                  |  1 +
 apps/openproject/manifest.yaml            |  5 ++--
 apps/redis/manifest.yaml                  |  2 ++
 10 files changed, 31 insertions(+), 38 deletions(-)
 delete mode 100644 apps/future-apps.md

diff --git a/apps/example-admin/manifest.yaml b/apps/example-admin/manifest.yaml
index 38b020a..755243d 100644
--- a/apps/example-admin/manifest.yaml
+++ b/apps/example-admin/manifest.yaml
@@ -2,3 +2,5 @@ name: example-admin
 install: true
 description: An example application that is deployed with internal-only access.
 version: 1.0.0
+defaultConfig:
+  tlsSecretName: wildcard-internal-wild-cloud-tls
diff --git a/apps/example-app/manifest.yaml b/apps/example-app/manifest.yaml
index 14ef366..20d784f 100644
--- a/apps/example-app/manifest.yaml
+++ b/apps/example-app/manifest.yaml
@@ -2,3 +2,5 @@ name: example-app
 install: true
 description: An example application that is deployed with public access.
 version: 1.0.0
+defaultConfig:
+  tlsSecretName: wildcard-wild-cloud-tls
diff --git a/apps/future-apps.md b/apps/future-apps.md
deleted file mode 100644
index 72ece43..0000000
--- a/apps/future-apps.md
+++ /dev/null
@@ -1,36 +0,0 @@
-# Future Apps to be added to Wild Cloud
-
-## Productivity
-
-- [Affine](https://docs.affine.pro/self-host-affine): A collaborative document editor with a focus on real-time collaboration and rich media support.
-- [Vaultwarden](https://github.com/dani-garcia/vaultwarden): A lightweight, self-hosted password manager that is compatible with Bitwarden clients.
-
-## Automation
-
-- [Home Assistant](https://www.home-assistant.io/installation/linux): A powerful home automation platform that focuses on privacy and local control.
-
-## Social
-
-- [Mastodon](https://docs.joinmastodon.org/admin/install/): A decentralized social network server that allows users to create their own instances.
-
-## Development
-
-- [Gitea](https://docs.gitea.io/en-us/install-from-binary/): A self-hosted Git service that is lightweight and easy to set up.
-
-## Media
-
-- [Jellyfin](https://jellyfin.org/downloads/server): A free software media system that allows you to organize, manage, and share your media files.
-- [Glance](https://github.com/glanceapp/glance): RSS aggregator.
-
-## Collaboration
-
-- [Discourse](https://github.com/discourse/discourse): A modern forum software that is designed for community engagement and discussion.
-- [Mattermost](https://docs.mattermost.com/guides/install.html): An open-source messaging platform that provides team collaboration features similar to Slack.
-- [Outline](https://docs.getoutline.com/install): A collaborative knowledge base and wiki platform that allows teams to create and share documentation.
-- [Rocket.Chat](https://rocket.chat/docs/installation/manual-installation/): An open-source team communication platform that provides real-time messaging, video conferencing, and file sharing.
-
-## Infrastructure
-
-- [Umami](https://umami.is/docs/installation): A self-hosted web analytics solution that provides insights into website traffic and user behavior.
-- [Authelia](https://authelia.com/docs/): A self-hosted authentication and authorization server that provides two-factor authentication and single sign-on capabilities.
-
diff --git a/apps/ghost/manifest.yaml b/apps/ghost/manifest.yaml
index 560ef52..8a27a2b 100644
--- a/apps/ghost/manifest.yaml
+++ b/apps/ghost/manifest.yaml
@@ -18,6 +18,7 @@ defaultConfig:
   adminEmail: "admin@{{ .cloud.domain }}"
   blogTitle: "My Blog"
   timezone: UTC
+  tlsSecretName: wildcard-wild-cloud-tls
   smtp:
     host: "{{ .cloud.smtp.host }}"
     port: "{{ .cloud.smtp.port }}"
diff --git a/apps/immich/deployment-microservices.yaml b/apps/immich/deployment-microservices.yaml
index 220280c..53651a0 100644
--- a/apps/immich/deployment-microservices.yaml
+++ b/apps/immich/deployment-microservices.yaml
@@ -25,6 +25,11 @@ spec:
           env:
             - name: REDIS_HOSTNAME
               value: "{{ .apps.immich.redisHostname }}"
+            - name: REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: immich-secrets
+                  key: apps.redis.password
             - name: DB_HOSTNAME
               value: "{{ .apps.immich.dbHostname }}"
             - name: DB_USERNAME
@@ -46,3 +51,11 @@ spec:
         - name: immich-storage
           persistentVolumeClaim:
             claimName: immich-pvc
+      affinity:
+        podAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchLabels:
+                app: immich
+                component: server
+            topologyKey: kubernetes.io/hostname
diff --git a/apps/immich/deployment-server.yaml b/apps/immich/deployment-server.yaml
index 8755b15..e43c2d6 100644
--- a/apps/immich/deployment-server.yaml
+++ b/apps/immich/deployment-server.yaml
@@ -28,6 +28,11 @@ spec:
           env:
             - name: REDIS_HOSTNAME
               value: "{{ .apps.immich.redisHostname }}"
+            - name: REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: immich-secrets
+                  key: apps.redis.password
             - name: DB_HOSTNAME
               value: "{{ .apps.immich.dbHostname }}"
             - name: DB_USERNAME
diff --git a/apps/immich/manifest.yaml b/apps/immich/manifest.yaml
index 276fd2d..6a3a397 100644
--- a/apps/immich/manifest.yaml
+++ b/apps/immich/manifest.yaml
@@ -18,6 +18,8 @@ defaultConfig:
   dbHostname: postgres.postgres.svc.cluster.local
   dbUsername: immich
   domain: immich.{{ .cloud.domain }}
+  tlsSecretName: wildcard-wild-cloud-tls
 requiredSecrets:
   - apps.immich.dbPassword
   - apps.postgres.password
+  - apps.redis.password
diff --git a/apps/keila/manifest.yaml b/apps/keila/manifest.yaml
index c3dea44..7b52dfb 100644
--- a/apps/keila/manifest.yaml
+++ b/apps/keila/manifest.yaml
@@ -14,6 +14,7 @@ defaultConfig:
   dbUsername: keila
   disableRegistration: "true"
   adminUser: admin@{{ .cloud.domain }}
+  tlsSecretName: wildcard-wild-cloud-tls
   smtp:
     host: "{{ .cloud.smtp.host }}"
     port: "{{ .cloud.smtp.port }}"
diff --git a/apps/openproject/manifest.yaml b/apps/openproject/manifest.yaml
index 9f1f561..9ba646f 100644
--- a/apps/openproject/manifest.yaml
+++ b/apps/openproject/manifest.yaml
@@ -20,13 +20,14 @@ defaultConfig:
   hsts: true
   seedLocale: en
   adminUserName: OpenProject Admin
-  adminUserEmail: '{{ .operator.email }}'
+  adminUserEmail: "{{ .operator.email }}"
   adminPasswordReset: true
   postgresStatementTimeout: 120s
   tmpVolumesStorage: 2Gi
+  tlsSecretName: wildcard-wild-cloud-tls
   cacheStore: memcache
   railsRelativeUrlRoot: ""
 requiredSecrets:
   - apps.openproject.dbPassword
   - apps.openproject.adminPassword
-  - apps.postgres.password
\ No newline at end of file
+  - apps.postgres.password
diff --git a/apps/redis/manifest.yaml b/apps/redis/manifest.yaml
index a908107..d3e7c06 100644
--- a/apps/redis/manifest.yaml
+++ b/apps/redis/manifest.yaml
@@ -7,3 +7,5 @@ defaultConfig:
   image: redis:alpine
   timezone: UTC
   port: 6379
+requiredSecrets:
+  - apps.redis.password