chore: initial infrastructure scaffold

Kustomize base + overlays for the full Sunbeam k3s stack: - base/mesh — Linkerd edge (crds + control-plane + viz) - base/ingress — custom Pingora edge proxy - base/ory — Kratos 0.60.1 + Hydra 0.60.1 + login-ui - base/data — CloudNativePG 0.27.1, Valkey 8, OpenSearch 2 - base/storage — SeaweedFS master + volume + filer (S3 on :8333) - base/lasuite — Hive sync daemon + La Suite app placeholders - base/media — LiveKit livekit-server 1.9.0 - base/devtools — Gitea 12.5.0 (external PG + Valkey) overlays/local — sslip.io domain, mkcert TLS, Lima hostPort overlays/production — stub (TODOs for sunbeam.pt values) scripts/ — local-up/down/certs/urls helpers justfile — up / down / certs / urls targets
2026-02-28 13:42:27 +00:00
commit 5d9bd7b067
51 changed files with 2647 additions and 0 deletions
--- a/base/ory/kratos-values.yaml
+++ b/base/ory/kratos-values.yaml
@@ -0,0 +1,60 @@
+# Base Ory Kratos Helm values.
+# DOMAIN_SUFFIX is replaced by overlay patches (sunbeam.pt / <LIMA_IP>.sslip.io).
+# DSN and SMTP credentials come from the overlay-specific Secret.
+
+kratos:
+  config:
+    version: v0.13.0
+
+    dsn: "postgresql://kratos:$(KRATOS_DB_PASSWORD)@postgres-rw.data.svc.cluster.local:5432/kratos_db"
+
+    selfservice:
+      default_browser_return_url: https://auth.DOMAIN_SUFFIX/
+      allowed_return_urls:
+        - https://auth.DOMAIN_SUFFIX/
+        - https://docs.DOMAIN_SUFFIX/
+        - https://meet.DOMAIN_SUFFIX/
+        - https://drive.DOMAIN_SUFFIX/
+        - https://mail.DOMAIN_SUFFIX/
+        - https://chat.DOMAIN_SUFFIX/
+        - https://people.DOMAIN_SUFFIX/
+        - https://src.DOMAIN_SUFFIX/
+      flows:
+        login:
+          ui_url: https://auth.DOMAIN_SUFFIX/login
+        registration:
+          ui_url: https://auth.DOMAIN_SUFFIX/registration
+        recovery:
+          ui_url: https://auth.DOMAIN_SUFFIX/recovery
+        settings:
+          ui_url: https://auth.DOMAIN_SUFFIX/settings
+
+    identity:
+      default_schema_id: default
+      schemas:
+        - id: default
+          url: file:///etc/config/kratos/identity.schema.json
+
+    courier:
+      smtp:
+        connection_uri: "smtp://$(SMTP_USER):$(SMTP_PASSWORD)@localhost:25/"
+        from_address: no-reply@DOMAIN_SUFFIX
+        from_name: Sunbeam
+
+    serve:
+      public:
+        base_url: https://auth.DOMAIN_SUFFIX/kratos/
+        cors:
+          enabled: true
+          allowed_origins:
+            - https://*.DOMAIN_SUFFIX
+      admin:
+        base_url: http://kratos-admin.ory.svc.cluster.local:4434/
+
+deployment:
+  resources:
+    limits:
+      memory: 64Mi
+    requests:
+      memory: 32Mi
+      cpu: 25m