Skip to content

Commit

Permalink
feat: add ebusd
Browse files Browse the repository at this point in the history
  • Loading branch information
prehor committed Jul 2, 2024
1 parent 0aa4091 commit bbbbb94
Show file tree
Hide file tree
Showing 8 changed files with 385 additions and 0 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
apiVersion: v1
kind: Secret
metadata:
name: ebusd-config-deploy-key
type: kubernetes.io/ssh-auth
stringData:
ssh-privatekey: ENC[AES256_GCM,data:FgLKm8XNvj7PisZNng0vJ9sd3qHMfKRmoP4vDuy93cusYV7HmR+zI4hM1lZ93lHC5flj20OqW1MSIBkclrRuB95hMFl8o9gfYNrph0MCTk192FbMFYD0K4MDrXYtWXMdv+cg6WLYahBeiCObK69DjzewD3RritiDZLLW5sgR/U1DGSBiFgGxfkC0Qc22r6IzY0fb6qu0/5GKIFRCdO11HKp9AIRPheiAaBRSiZRHtXcvdfNwzoOCeNf6TXyVeDhDrX8hTOzTMrsDVq85+NeTF3cMjdoSjv/q2Qbq8xasFcYh1Uk95qAv7ufIDFBvYkPLHVmQR8GdMUif1T/OH/AwvkiW8s3BVNrXI13yzd4A9MUdGuic+fhR26WTBbPqgM/QBUoPFGxaJEmoQNvX4eQrXfzs2ukyu+EDPCshcS8Xb9cuX8nbUzX9RAcnYYKhRzPofSEWhOrSZjW/5DoBcqJ9vwVi0I4YWGBzTl51dzM1Be0piO4G7pVZJTL1YqNgRmGxc8/YTLb7e51sry5A32vG1OTlJnkeeLCRdrJTzaMKhgVs0fU=,iv:nuh1/y4b9pdacvKiaGHctrZjP9nfMmF21fea2hc4tCQ=,tag:/Hzw+9TS/ghbOZwnsxTPsg==,type:str]
ssh-privatekey-type: ENC[AES256_GCM,data:7ArBiHJgrw==,iv:HARFrYhoAvM1CjbUUQh9/nMtRll8nIEprjn33Gsk4Jc=,tag:BvfzrVLaz8yBCj5f8CMDYw==,type:str]
ssh-known-hosts: ENC[AES256_GCM,data:QOBt7z+ErV81bhnZKZzOJLlxH3hePo54XvXa5t9enJq56Ei8hUEwpUNW1M+bcDQmRn7XvjtQr9RB796Dh0rLYBGn0QzvilOL22ZHLYq0FurD/lhhRq9YUXjd0TBttkW2xssSVj8Aq9ZM+ym01tBU2xjrVpxmqo0ktVDlogx60CYjPw38phHEuTNNkLFcBQKWvZXCltTA/S34rM1vK+vAhrMSMZk00jLOMJ69JmVbfkWI+hmB/MPNpz+HIVXfGHfpn8sedMjkhPvbsp8z3dGRDcbwAcE4lrHrZIjyDO882FMJ+2v+PZACtvI49n9k8ihquFRrsBkPbc0WnnOCSbq4+MGh4XvBHQdNFgsYV8zf206BVzENOKF661Ds++Rz6ytjguiols482r1yziBR6L1/AnXze95oNd5dGUzYEvXN+Hl60/t2dwOzjeBCYn6ekw0PRpYE970kCA31I1KavepUaeIBtxCn7GFAhYVWEwQFI7MyR77K6a7TbsdDukfkHww8XjcoQSm+/5XSsLAbBoqqPv8f2LcwV2YXkDX8KrwlNPZoxghH1rFXzhTEKg1ErUJNt96nAJ3cr4kfsyWnq3aA6cyimoRjdhW4JPbx13ubuz4b19Fu/9sKxGJG8akJU+1Bz8KXLV9uJjOQO91qi5+dDk1w8Hvu9GX3wnS0EiaCLh8tVNDDdtdtATUPS+MZEkMVFTGYfW0auRR2nfoPyTJgpvtRxi7dToxKpA67jacj+j4NQRwm0sKamwDN0xBWfENeuaZ/NHbFWzC+xssZmSeA/FRTPmdEpLQQ8jcG+MI9Fc8xnd+Ydz/GCv6TdWPazww0C6X4ERTBk5eo9BEMAjDo8jF9A5aRDThgx/rxeDz01G0JgYzDR1rPZWJLTpHenJOx6sjzRQukHHi1dK0aMaP9JNfuARAgx0/H4/xxRRsV6QTd6H7rbsMxPyXQMMeAjM9t1l0cnhxglR/wUiW6GJi3LnfXDvRVx2KQDetO605zI6O4ZDUtEgTNlZ2PotZ42/hhDRF56GmhF5z8XU1KLEhVG0N0rZXxB5NmNQtHbu5Wx9qpUHe7YgTvAHIbUzkvf4VZ0sTxuxMNYvXONEEu,iv:SG9Rjm6OO69IVNtdE6wtdqApW0svCUTYHtMH1/FxluA=,tag:+Zuaf+b7LaOlOUlgKyb0IA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1ve9kzacrwq7l9l0emvs326uk6t576d75r596e083r2tq6xu28qcsacy3s7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzL2FNUlZqWFFtUGRPUE5o
Rm0zNmplVE9ocTVaQ3V4OFRwRDJXVkF2MEJjCjBZS1Y3RFFXcHVZQmU4ejV6QTlT
QVh0bXZzNy9aTTllQ1FaRGtwM25SaDgKLS0tIDd0U2Y1MU5oL0RsUjg0UHZleC9D
aVNLZzdlbmFHVXVQMldXa0VvRHJoU0EKWzThM5A/IjS4XBvmxHZFr3pywKitjbfK
CKnctMdz2AcJ224TUl6PEc7GVZdCycHZn9nK2zP6tcY8bPlX4VBP4Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-30T20:07:02Z"
mac: ENC[AES256_GCM,data:03LjoWfq3vWeQ2Fs24WDW6E4T/5WnRvdGmPuiVVWEqqpyn0qnAz92MIMPc7B7TCy6XzQ31GqacjK2dxM3o4sSAqET+yotpOOhTVRnxarJWOre8uzDK/8LnYzP3Jbd7DpueCTXNRkomk9OLMYElp8HRszbWr1rEVj4UG/nfCY1y4=,iv:WemTKSYH2Hp3m6JT9LMrlKXUkdcwDzEwLmXboAaZ0mc=,tag:x1iXanJE/PnlETI54gR+8g==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.8.1
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
apiVersion: v1
kind: Secret
metadata:
name: ebusd-config-secret
type: kubernetes.io/basic-auth
stringData:
username: ENC[AES256_GCM,data:bRhNHEA=,iv:k4QlV2mvZiG1iTy3rXehRujru2dPtDtknRJxK0ddAeQ=,tag:NJzVjuc0rUUZxiBn1JsyWQ==,type:str]
password: ENC[AES256_GCM,data:Bggc/GLPLnnWEtIMlf9jDV/nUpoceBMvWqjw+NshjoZJNmifMF6DFw==,iv:CGF3ukNNssEm+1G5M6eG1/OtEaG63wpUs9gfY6+mdvk=,tag:LTLfFnOGOiKDNKjjhL5gSA==,type:str]
#ENC[AES256_GCM,data:bds89uaF6UDYI//rnTBbaZTh3zf/WAb79zancM8WVKoGfd+AMWEFZLMhJvA=,iv:+/8I2rJBSK4XC/sWo1/8Hdp6SWcsT7U8YPeduwB5lKM=,tag:KLaYACvrQHsufokXosf2zA==,type:comment]
#ENC[AES256_GCM,data:FwtxO7qk5bwnG1aJFYNr,iv:jFITOSG/J/42EHtwcgNiRXus+NxnRkXYkH2RylK3uNQ=,tag:oU2gzMiPY9APbEWk4DOklg==,type:comment]
#ENC[AES256_GCM,data:ufapEl++l2M2B7hBYaGg17nwrM6yELAu3IWrSRtqsS0=,iv:E74vX43/YyrTgT+xfu+0zVFpJR2LC0f+WeDTIsSOopw=,tag:XBuQAMIqy+RuJZ8VyJXEGw==,type:comment]
device: ENC[AES256_GCM,data:fAL248UkkabkaOnVKrZxGOO4rw/GJTn0,iv:pJOPSzjCrgwEzpgyK38OUwuqla0L8tCqr1RemulCnp0=,tag:PefdDw7dbcsNmxmYLQmA6Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1ve9kzacrwq7l9l0emvs326uk6t576d75r596e083r2tq6xu28qcsacy3s7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMVdKcTJuY1ZJL2l2Ni9Y
YVVSYi9xQ0hhYng4ZzMrVkVWb3cwalpSd2dnCktBNzFEZGJxRkFySVhBQ2RZdGJ4
bjlmVGxWUFZnT2tFUnBBd1ozZXdSdlEKLS0tIFd6K3h1OFZyY0xvc2VDL3diRlZB
cHdibGdzaHg0NnBMTXpYdGo1N3VCUG8Km3Pd+F+Dm0GYNr13rKykH0mLIJfZ7cw7
ubzfRKrO1TDud0Cd5WP3RaLKX+viux7Wq8LLfHena1DfaeAblP1mfA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-01T20:11:51Z"
mac: ENC[AES256_GCM,data:lA/shoJ+/giWS7QPoik2Etlmt7JfcHGhTjJwv84irOcbiMdrD+SbXQDcrX8/njuJFeXgnChGlVgI1o8RKa0gv4IvX48QIA1GgM/lNp/KY3HgKcgGU7ttBlEuVcaNZkg42fJEkZV+rK6uj15y0PaUv9Fx66PPaZs0EvifQU1q49o=,iv:RL1sTbV6jFDrH3UK9e+AnfN8HPtEUFPTEUYNFgA3HVo=,tag:TjASk8aWc+VS+aRjFPZPLQ==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.8.1
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: ebusd-emqx-init
spec:
target:
creationPolicy: Owner
template:
engineVersion: v2
data:
INIT_EMQX_API_HOST: "{{ .emqx_api_host }}"
INIT_EMQX_API_PORT: "{{ .emqx_api_port }}"
INIT_EMQX_ACCESS_KEY: "{{ .emqx_username }}"
INIT_EMQX_SECRET_KEY: "{{ .emqx_password }}"
INIT_EMQX_USER: "{{ .ebusd_username }}"
INIT_EMQX_PASS: "{{ .ebusd_password }}"
INIT_EMQX_TOPIC: "homeassistant/ebusd"
dataFrom:
- extract:
key: emqx-secret
rewrite:
- regexp:
source: "^(.*)$"
target: "emqx_$1"
sourceRef:
storeRef:
name: emqx-secret-store
kind: ClusterSecretStore
- extract:
key: ebusd-config-secret
rewrite:
- regexp:
source: "^(.*)$"
target: "ebusd_$1"
sourceRef:
storeRef:
name: home-automation-secret-store
kind: SecretStore
207 changes: 207 additions & 0 deletions kubernetes/main/apps/home-automation/ebusd/app/helmrelease.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,207 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app ebusd
spec:
interval: 30m
chart:
spec:
chart: app-template
version: 3.2.1
interval: 30m
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
strategy: rollback
retries: 3
dependsOn:
- name: external-secrets
namespace: security
- name: multus
namespace: kube-system
values:
defaultPodOptions:
annotations:
secret.reloader.stakater.com/reload: "ebusd-emqx-init,ebusd-secret"
securityContext:
runAsNonRoot: true
runAsUser: 65534
runAsGroup: 65534
seccompProfile: { type: RuntimeDefault }
controllers:
ebusd:
containers:
app:
image:
repository: docker.io/john30/ebusd
tag: 23.3
command: ["ebusd"]
args:
# https://github.com/john30/ebusd/wiki/2.-Run
# Message Configuration Options
- --config=/config
- --configlang=en
- --pollinterval=10
- --scanconfig
# Daemon Options
- --foreground
# Log Options
- --log=all:info
# MQTT Options
- --mqttint=/config/mqtt-hassio.cfg
- --mqttjson
envFrom:
- secretRef:
name: ebusd-secret
# probes:
# liveness: &probes
# enabled: true
# custom: true
# spec:
# httpGet:
# path: /login
# port: 80
# initialDelaySeconds: 10
# periodSeconds: 10
# timeoutSeconds: 1
# failureThreshold: 3
# readiness: *probes
# startup: *probes
# resources:
# requests:
# cpu: 100m
# memory: 512Mi # ????
# limits:
# cpu: 1000m
# memory: 2Gi # ????
code-server:
image:
repository: ghcr.io/coder/code-server
tag: 4.90.3
args: [
"--auth", "none",
"--user-data-dir", "/config/.vscode",
"--extensions-dir", "/config/.vscode",
"--port", "80",
"/config"
]
resources:
requests:
cpu: 10m
memory: 64Mi
limits:
cpu: 1000m
memory: 2Gi
lifecycle:
postStart:
exec:
command:
- /bin/sh
- -c
- |
(
set -ex
apt update
apt install --yes dnsutils
apt install --yes iproute2
apt install --yes inetutils-ping
apt install --yes inetutils-telnet
apt install --yes inetutils-traceroute
apt install --yes net-tools
) > /tmp/postStart.log 2>&1 || true
initContainers:
emqx-init:
image:
repository: ghcr.io/prehor/emqx-init
tag: 1.0.0
envFrom:
- secretRef:
name: ebusd-emqx-init
config:
image:
repository: docker.io/alpine/git
tag: 2.45.2
command: ["/bin/sh","-c"]
args: |
set -ex
if [ ! -e "/config/.git" ]; then
git clone [email protected]:prehor/ebusd-config.git /config/.ebusd-config
mv /config/.ebusd-config/* /config/.ebusd-config/.* /config
rmdir /config/.ebusd-config/
fi
if [ ! -e "/config/mqtt-hassio.cfg" ]; then
cp /etc/ebusd/mqtt-hassio.cfg /config/mqtt-hassio.cfg
fi
if [ ! -e "/root/.gitconfig" ]; then
cat > /root/.gitconfig <<EOF
[filter "lfs"]
process = git-lfs filter-process
required = true
clean = git-lfs clean -- %f
smudge = git-lfs smudge -- %f
[user]
email = [email protected]
name = Petr Řehoř
EOF
fi
service:
app:
controller: ebusd
ports:
http:
port: 8888
code-server:
port: 80
ingress:
app:
enabled: true
className: internal
hosts:
- host: &host ebus.${SECRET_DOMAIN}
paths:
- path: /
service:
identifier: app
port: http
tls:
- hosts:
- *host
code-server:
className: internal
hosts:
- host: &host "ebush.${SECRET_DOMAIN}"
paths:
- path: /
service:
identifier: app
port: code-server
tls:
- hosts:
- *host
persistence:
config:
existingClaim: *app
deploy-key:
type: secret
name: ebusd-config-deploy-key
defaultMode: 0o400
globalMounts:
- path: /root/.ssh/id_ed25519
subPath: ssh-privatekey
- path: /root/.ssh/known_hosts2
subPath: ssh-known-hosts
logs:
type: emptyDir
globalMounts:
- path: /config/logs
tmp:
type: emptyDir
11 changes: 11 additions & 0 deletions kubernetes/main/apps/home-automation/ebusd/app/kustomization.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./config-deploy-key.sops.yaml
- ./config-secrets.sops.yaml
- ./emqx-init-secret.yaml
- ./helmrelease.yaml
- ./secret.yaml
- ../../../../templates/volsync
36 changes: 36 additions & 0 deletions kubernetes/main/apps/home-automation/ebusd/app/secret.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: ebusd-secret
stringData:
# https://github.com/john30/ebusd/wiki/2.-Run
# Device Options
EBUSD_DEVICE: "{{ .ebusd_device }}"
# MQTT Options
EBUSD_MQTTHOST: "{{ .emqx_host }}"
EBUSD_MQTTPORT: "{{ .emqx_port }}"
EBUSD_MQTTUSER: "{{ .ebusd_username }}"
EBUSD_MQTTPASS: "{{ .ebusd_password }}"
dataFrom:
- extract:
key: ebusd-config-secret
rewrite:
- regexp:
source: "^(.*)$"
target: "ebusd_$1"
sourceRef:
storeRef:
name: home-automation-secret-store
kind: SecretStore
- extract:
key: emqx-secret
rewrite:
- regexp:
source: "^(.*)$"
target: "emqx_$1"
sourceRef:
storeRef:
name: emqx-secret-store
kind: ClusterSecretStore
29 changes: 29 additions & 0 deletions kubernetes/main/apps/home-automation/ebusd/ks.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app ebusd
namespace: flux-system
spec:
targetNamespace: home-automation
commonMetadata:
labels:
app.kubernetes.io/name: *app
dependsOn:
- name: home-automation-external-secrets-stores
- name: multus
- name: volsync
path: "./kubernetes/main/apps/home-automation/ebusd/app"
prune: true
sourceRef:
kind: GitRepository
name: home-ops
wait: false
interval: 30m
retryInterval: 1m
timeout: 5m
postBuild:
substitute:
APP: *app
VOLSYNC_CAPACITY: 100Mi
1 change: 1 addition & 0 deletions kubernetes/main/apps/home-automation/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,5 +3,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./namespace.yaml
- ./ebusd/ks.yaml
- ./external-secrets/ks.yaml
- ./home-assistant/ks.yaml

0 comments on commit bbbbb94

Please sign in to comment.