feat(home-assistant): add mqtt integration

kubernetes/main/apps/home-automation/external-secrets/secrets/mqtt-secret.yaml → kubernetes/main/apps/home-automation/external-secrets/secrets/emqx-secret.yaml

@@ -3,12 +3,12 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
-  name: mqtt-secret
+  name: emqx-secret
 spec:
   dataFrom:
     - extract:
-        key: mqtt-secret
+        key: emqx-secret
       sourceRef:
         storeRef:
-          name: mqtt-secret-store
+          name: emqx-secret-store
           kind: ClusterSecretStore

kubernetes/main/apps/home-automation/external-secrets/secrets/kustomization.yaml

@@ -3,5 +3,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ./mqtt-secret.yaml
+  - ./emqx-secret.yaml
   - ./postgres-secret.yaml

kubernetes/main/apps/home-automation/external-secrets/stores/rbac.yaml

@@ -13,9 +13,10 @@ rules:
     resources:
       - secrets
     resourceNames:
+      - ebusd-emqx-secret
       - home-assistant-config-secret
+      - home-assistant-emqx-secret
       - home-assistant-postgres-dburl
-      - home-assistant-postgres-recorder-initdb
       - home-assistant-postgres-recorder-secret
     verbs:
       - get

kubernetes/main/apps/home-automation/home-assistant/app/emqx-init-secret.yaml

@@ -0,0 +1,40 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: home-assistant-emqx-init
+spec:
+  target:
+    creationPolicy: Owner
+    template:
+      engineVersion: v2
+      data:
+        INIT_EMQX_API_HOST: "{{ .emqx_api_host }}"
+        INIT_EMQX_API_PORT: "{{ .emqx_api_port }}"
+        INIT_EMQX_ACCESS_KEY: "{{ .emqx_username }}"
+        INIT_EMQX_SECRET_KEY: "{{ .emqx_password }}"
+        INIT_EMQX_USER: "{{ .hass_username }}"
+        INIT_EMQX_PASS: "{{ .hass_password }}"
+        INIT_EMQX_TOPIC: "homeassistant"
+  dataFrom:
+    - extract:
+        key: emqx-secret
+      rewrite:
+        - regexp:
+            source: "^(.*)$"
+            target: "emqx_$1"
+      sourceRef:
+        storeRef:
+          name: emqx-secret-store
+          kind: ClusterSecretStore
+    - extract:
+        key: home-assistant-emqx-secret
+      rewrite:
+        - regexp:
+            source: "^(.*)$"
+            target: "hass_$1"
+      sourceRef:
+        storeRef:
+          name: home-automation-secret-store
+          kind: SecretStore

kubernetes/main/apps/home-automation/home-assistant/app/emqx-secret.sops.yaml

@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: home-assistant-emqx-secret
+type: kubernetes.io/basic-auth
+stringData:
+    username: ENC[AES256_GCM,data:JrjmN3cDemLsbUFDJYc=,iv:bxCy2V4IrvV0rdEV8UExkHe1CmwpQVMBXv7TQ7QzjEw=,tag:0qcVhv0Itg1uFZHGyq29wA==,type:str]
+    password: ENC[AES256_GCM,data:jahDMh6zO0mDmACZfKcy78wUCDecSRpoxvqUFuTd5/kLMqDkg7tk4A==,iv:KSgcyaqYMtDqfAhmgpZtrmldQz01jZYhDRwNBoKcakg=,tag:jDf8OVQa3XtlROwuIRpWgQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1ve9kzacrwq7l9l0emvs326uk6t576d75r596e083r2tq6xu28qcsacy3s7
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0alFUWTBleUFFZHJweFBu
+            VURqQUJVT1d0cmNJNE5ORG1lSjNqZzVuem1ZCitWRXhReWxoTUs0djJUNXJPSTVk
+            aUZZaUdoUlJaTVVnRlBmQVh3UzBZbDgKLS0tIFdha1h2UGI0L2FPSEgyeTIyVXJL
+            Y2JkSnVhL1o0dDBCOWpFb2ZyNEFkZ00KmGjxwrjRrnOBbEq3wPWCt79lMC2EwWd8
+            6IqaQW+pRzCh4Lzj3Nj4vu4YQw75HI0sx3W46HgyD33Qsya2Df6sxQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-06-26T23:57:04Z"
+    mac: ENC[AES256_GCM,data:45ypnfHFcMoJtcrpw3ApIDZKsdRpg5Dntc5BYgCWIt1nNCArhH2duW/TD2WsMf+cTmeqY8quMmoI/Q/H6blpOYPRM8EQfXL3spmDNrpWm39wt3ja5e+uneKX1eDMxhyYkt71IiuVZtERSr1sorIZk9SK6vZVWBWo53msan3XuUc=,iv:nrxNk0NAg/jMEuNqD4RULTYwDcOYL7vfuvDGXg6VbC8=,tag:ZSMvaJdyH98zLzKCEqkQ4Q==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.8.1

kubernetes/main/apps/home-automation/home-assistant/app/helmrelease.yaml

@@ -47,7 +47,7 @@ spec:
             "namespace": "kube-system",
             "ips": ["192.168.101.254/24"]
           }]
-        reloader.stakater.com/auto: "true"
+        secret.reloader.stakater.com/reload: "home-assistant-emqx-init,home-assistant-secret"
       securityContext:
         runAsUser: 0
         runAsGroup: 0
@@ -118,6 +118,13 @@ spec:
                           apt install --yes net-tools
                         ) > /tmp/postStart.log 2>&1 || true
         initContainers:
+          emqx-init:
+            image:
+              repository: ghcr.io/prehor/emqx-init
+              tag: 1.0.0
+            envFrom:
+              - secretRef:
+                  name: home-assistant-emqx-init
           recorder-initdb:
             image:
               repository: ghcr.io/onedr0p/postgres-init

kubernetes/main/apps/home-automation/home-assistant/app/kustomization.yaml

@@ -6,8 +6,10 @@ resources:
   - ./helmrelease.yaml
   - ./config-deploy-key.sops.yaml
   - ./config-secret.sops.yaml
-  - ./config-secret.yaml
+  - ./emqx-init-secret.yaml
+  - ./emqx-secret.sops.yaml
   - ./postgres-dburl-secret.yaml
   - ./postgres-recorder-initdb-secret.yaml
   - ./postgres-recorder-secret.sops.yaml
+  - ./secret.yaml
   - ../../../../templates/volsync

kubernetes/main/apps/home-automation/home-assistant/app/config-secret.yaml → kubernetes/main/apps/home-automation/home-assistant/app/secret.yaml

@@ -16,16 +16,6 @@ spec:
         storeRef:
           name: home-automation-secret-store
           kind: SecretStore
-    - extract:
-        key: mqtt-secret
-      rewrite:
-        - regexp:
-            source: "^(.*)$"
-            target: "mqtt_$1"
-      sourceRef:
-        storeRef:
-          name: mqtt-secret-store
-          kind: ClusterSecretStore
     - extract:
         key: home-assistant-postgres-dburl
       rewrite: