feat: add ebusd
prehor committed Jul 10, 2024
1 parent 0aa4091 commit e0c9efe
Showing 12 changed files with 453 additions and 3 deletions.
3 changes: 2 additions & 1 deletion kubernetes/main/apps/database/emqx/app/helmrelease.yaml
Expand Up @@ -3,7 +3,7 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: emqx-operator
name: &app emqx-operator
spec:
interval: 30m
chart:
Expand All @@ -26,6 +26,7 @@ spec:
- name: cert-manager
namespace: cert-manager
values:
fullnameOverride: *app
image:
repository: ghcr.io/emqx/emqx-operator
resources:
@@ -0,0 +1,29 @@
apiVersion: v1
kind: Secret
metadata:
name: ebusd-config-deploy-key
type: kubernetes.io/ssh-auth
stringData:
ssh-privatekey: ENC[AES256_GCM,data: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,iv:nuh1/y4b9pdacvKiaGHctrZjP9nfMmF21fea2hc4tCQ=,tag:/Hzw+9TS/ghbOZwnsxTPsg==,type:str]
ssh-privatekey-type: ENC[AES256_GCM,data:7ArBiHJgrw==,iv:HARFrYhoAvM1CjbUUQh9/nMtRll8nIEprjn33Gsk4Jc=,tag:BvfzrVLaz8yBCj5f8CMDYw==,type:str]
ssh-known-hosts: ENC[AES256_GCM,data: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,iv:SG9Rjm6OO69IVNtdE6wtdqApW0svCUTYHtMH1/FxluA=,tag:+Zuaf+b7LaOlOUlgKyb0IA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1ve9kzacrwq7l9l0emvs326uk6t576d75r596e083r2tq6xu28qcsacy3s7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzL2FNUlZqWFFtUGRPUE5o
Rm0zNmplVE9ocTVaQ3V4OFRwRDJXVkF2MEJjCjBZS1Y3RFFXcHVZQmU4ejV6QTlT
QVh0bXZzNy9aTTllQ1FaRGtwM25SaDgKLS0tIDd0U2Y1MU5oL0RsUjg0UHZleC9D
aVNLZzdlbmFHVXVQMldXa0VvRHJoU0EKWzThM5A/IjS4XBvmxHZFr3pywKitjbfK
CKnctMdz2AcJ224TUl6PEc7GVZdCycHZn9nK2zP6tcY8bPlX4VBP4Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-30T20:07:02Z"
mac: ENC[AES256_GCM,data:03LjoWfq3vWeQ2Fs24WDW6E4T/5WnRvdGmPuiVVWEqqpyn0qnAz92MIMPc7B7TCy6XzQ31GqacjK2dxM3o4sSAqET+yotpOOhTVRnxarJWOre8uzDK/8LnYzP3Jbd7DpueCTXNRkomk9OLMYElp8HRszbWr1rEVj4UG/nfCY1y4=,iv:WemTKSYH2Hp3m6JT9LMrlKXUkdcwDzEwLmXboAaZ0mc=,tag:x1iXanJE/PnlETI54gR+8g==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.8.1
@@ -0,0 +1,36 @@
apiVersion: v1
kind: Secret
metadata:
name: ebusd-config-secret
type: kubernetes.io/basic-auth
stringData:
#ENC[AES256_GCM,data:zF86RzBVCdzSDrGynQ==,iv:UAppp8Tspuz/kZFNlmJHPvHneK3iPeootgCGq6YRhjI=,tag:IIJT6N2rSIvv7l2AwcfgXw==,type:comment]
username: ENC[AES256_GCM,data:bRhNHEA=,iv:k4QlV2mvZiG1iTy3rXehRujru2dPtDtknRJxK0ddAeQ=,tag:NJzVjuc0rUUZxiBn1JsyWQ==,type:str]
password: ENC[AES256_GCM,data:Bggc/GLPLnnWEtIMlf9jDV/nUpoceBMvWqjw+NshjoZJNmifMF6DFw==,iv:CGF3ukNNssEm+1G5M6eG1/OtEaG63wpUs9gfY6+mdvk=,tag:LTLfFnOGOiKDNKjjhL5gSA==,type:str]
#ENC[AES256_GCM,data:bds89uaF6UDYI//rnTBbaZTh3zf/WAb79zancM8WVKoGfd+AMWEFZLMhJvA=,iv:+/8I2rJBSK4XC/sWo1/8Hdp6SWcsT7U8YPeduwB5lKM=,tag:KLaYACvrQHsufokXosf2zA==,type:comment]
#ENC[AES256_GCM,data:FwtxO7qk5bwnG1aJFYNr,iv:jFITOSG/J/42EHtwcgNiRXus+NxnRkXYkH2RylK3uNQ=,tag:oU2gzMiPY9APbEWk4DOklg==,type:comment]
#ENC[AES256_GCM,data:ufapEl++l2M2B7hBYaGg17nwrM6yELAu3IWrSRtqsS0=,iv:E74vX43/YyrTgT+xfu+0zVFpJR2LC0f+WeDTIsSOopw=,tag:XBuQAMIqy+RuJZ8VyJXEGw==,type:comment]
device: ENC[AES256_GCM,data:fAL248UkkabkaOnVKrZxGOO4rw/GJTn0,iv:pJOPSzjCrgwEzpgyK38OUwuqla0L8tCqr1RemulCnp0=,tag:PefdDw7dbcsNmxmYLQmA6Q==,type:str]
#ENC[AES256_GCM,data:Aavl48ibfFc3lVIBwYHrD8Qwc61TvFMBv3sfEuWJwPDFs3ysGO2yEIYxVNIJUv1CcQFspzSwgsiUQBh0Wk93K/SfEMO1ml8m0/AgsE0Hu5dqRc5FCyVC,iv:FNZ9O2R8uh1lgwc2ygnKZLaMIZkMOfjmvXrqwTuLXOk=,tag:TYWsoY8gACBmB3V2nfgWxQ==,type:comment]
github_user_mail: ENC[AES256_GCM,data:6olG/yp8bvc=,iv:/yhG6eYlbxKhWJcyyFXs2WzaF+dh1VSBXRdqZBAX64k=,tag:Uv4qQWOm9DUBbvqOncqeHg==,type:str]
github_user_name: ENC[AES256_GCM,data:+6jBlhhYa9wn35Q9,iv:b24y9aYFrZSB2aU/p89ehJRT5bi15vUY64ddeE0syT8=,tag:mzuFUN59543wF6Zic/3QIA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1ve9kzacrwq7l9l0emvs326uk6t576d75r596e083r2tq6xu28qcsacy3s7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMVdKcTJuY1ZJL2l2Ni9Y
YVVSYi9xQ0hhYng4ZzMrVkVWb3cwalpSd2dnCktBNzFEZGJxRkFySVhBQ2RZdGJ4
bjlmVGxWUFZnT2tFUnBBd1ozZXdSdlEKLS0tIFd6K3h1OFZyY0xvc2VDL3diRlZB
cHdibGdzaHg0NnBMTXpYdGo1N3VCUG8Km3Pd+F+Dm0GYNr13rKykH0mLIJfZ7cw7
ubzfRKrO1TDud0Cd5WP3RaLKX+viux7Wq8LLfHena1DfaeAblP1mfA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-07T10:53:39Z"
mac: ENC[AES256_GCM,data:0lptBE1Pers4fdlRXNBEmtMYRYwaupPghg6L4qMeGGEr9+tmoW1H1Pmz+wqZhMDX0LDl3VjUjlnTWuZXlBBgYJMHaOi+As64C24K66I3YFEk4fB4XvR5Houi1Q2h8fNrA17shGT/Cly2fMetmJXMmn4styQHd1aRGtHj6Ov+Qjs=,iv:lItUROOgPvBGUhyYEcOqRq0JVRFdJf5HB1NvF9zB4Sc=,tag:PNbMpSBqeuZengOIur30Rg==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.8.1
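Review bot: `type: kubernetes.io/basic-auth` does not describe this Secret, because besides `username` and `password` it also carries `device`, `github_user_mail` and `github_user_name`. `type: Opaque` would state the mixed content honestly. Alternatively, split the git identity into its own Secret so each consumer is handed only the fields it uses.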
@@ -0,0 +1,54 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: ebusd-emqx-init
spec:
target:
creationPolicy: Owner
template:
engineVersion: v2
data:
INIT_EMQX_API_HOST: "{{ .emqx_api_host }}"
INIT_EMQX_API_PORT: "{{ .emqx_api_port }}"
INIT_EMQX_ACCESS_KEY: "{{ .emqx_username }}"
INIT_EMQX_SECRET_KEY: "{{ .emqx_password }}"
INIT_EMQX_USER: "{{ .ebusd_username }}"
INIT_EMQX_PASS: "{{ .ebusd_password }}"
INIT_EMQX_TOPIC: "ebusd/#"
INIT_EMQX_TOPIC_ACLS: >-
{{ .ebusd_username }}:homeassistant/#:all:allow
{{ .hass_username }}:ebusd/#:all:allow
dataFrom:
- extract:
key: emqx-secret
rewrite:
- regexp:
source: "^(.*)$"
target: "emqx_$1"
sourceRef:
storeRef:
name: emqx-secret-store
kind: ClusterSecretStore
- extract:
key: ebusd-config-secret
rewrite:
- regexp:
source: "^(.*)$"
target: "ebusd_$1"
sourceRef:
storeRef:
name: home-automation-secret-store
kind: SecretStore
- extract:
key: home-assistant-emqx-secret
rewrite:
- regexp:
source: "^(.*)$"
target: "hass_$1"
sourceRef:
storeRef:
name: home-automation-secret-store
kind: SecretStore
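Review bot: The two rules under `INIT_EMQX_TOPIC_ACLS` grant `all` on `homeassistant/#` to the ebusd user and `all` on `ebusd/#` to the Home Assistant user, which looks broader than a discovery publisher and a subscriber each need. The emqx-init rule format is not visible on this page, so this is hedged: if it accepts a publish-only or subscribe-only action, narrow each rule to the direction actually used. Also, `>-` folds the two rules into a single space-separated line; if the consumer expects one rule per line, the scalar should be `|-`. A comment above the key such as `# user:topic:action:permission, one rule per entry` would document the expected format.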

241 changes: 241 additions & 0 deletions kubernetes/main/apps/home-automation/ebusd/app/helmrelease.yaml
@@ -0,0 +1,241 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app ebusd
spec:
interval: 30m
chart:
spec:
chart: app-template
version: 3.2.1
interval: 30m
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
strategy: rollback
retries: 3
dependsOn:
- name: emqx-operator
namespace: database
- name: external-secrets
namespace: security
- name: multus
namespace: kube-system
- name: volsync
namespace: storage
values:
defaultPodOptions:
annotations:
secret.reloader.stakater.com/reload: "ebusd-emqx-init,ebusd-secret"
securityContext:
runAsNonRoot: true
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
seccompProfile: { type: RuntimeDefault }
controllers:
ebusd:
containers:
app:
image:
repository: docker.io/john30/ebusd
tag: &version v23.3
command: ["ebusd"]
args:
# https://github.com/john30/ebusd/wiki/2.-Run
# Message Configuration Options
- --configpath=/config/latest/en
- --configlang=en
- --pollinterval=10
- --scanconfig
# Daemon Options
- --foreground
# HTTP Client
- --httpport=8080
# Log Options
- --log=all:info
# MQTT Options
- --mqttint=/config/mqtt-hassio.cfg
- --mqttjson
envFrom:
- secretRef:
name: ebusd-secret
# probes:
# liveness: &probes
# enabled: true
# custom: true
# spec:
# httpGet:
# path: /data
# port: 80
# initialDelaySeconds: 10
# periodSeconds: 10
# timeoutSeconds: 1
# failureThreshold: 3
# readiness: *probes
# startup: *probes
resources:
requests:
cpu: 100m
memory: 512Mi
limits:
cpu: 2000m
memory: 2Gi
code-server:
image:
repository: ghcr.io/coder/code-server
tag: 4.90.3
args:
- --auth=none
- --user-data-dir=/config/.vscode
- --extensions-dir=/config/.vscode
- --port=80
- /config"
envFrom:
- secretRef:
name: ebusd-secret
resources:
requests:
cpu: 10m
memory: 64Mi
limits:
cpu: 1000m
memory: 2Gi
lifecycle:
postStart:
exec:
command:
- /bin/sh
- -c
- |
(
set -e
# Install packages
sudo apt update
sudo apt install --yes dnsutils
sudo apt install --yes iproute2
sudo apt install --yes inetutils-ping
sudo apt install --yes inetutils-telnet
sudo apt install --yes inetutils-traceroute
sudo apt install --yes net-tools
# Setup git
git config --global user.name "${GITCONFIG_USER_NAME}"
git config --global user.email "${GITCONFIG_USER_MAIL}"
git config --global branch.autosetuprebase always
git config --global --add safe.directory '/config'
) > /tmp/postStart.log 2>&1 || true
initContainers:
config:
image:
repository: ghcr.io/prehor/alpine-toolbox
tag: 3.20.1
args:
- /entrypoint.sh
- /bin/bash
- -c
- |
set -ex
# Clone ebusd-config repository
if [ ! -e "/config/.git" ]; then
git clone [email protected]:prehor/ebusd-config.git /config/.ebusd-config
mv /config/.ebusd-config/* /config/.ebusd-config/.* /config
rmdir /config/.ebusd-config/
fi
# Fetch mqtt-hassio.cfg
if [ ! -e "/config/mqtt-hassio.cfg" ]; then
curl https://raw.githubusercontent.com/john30/ebusd/master/contrib/etc/ebusd/mqtt-hassio.cfg -o /config/mqtt-hassio.cfg
fi
# Fetch contrib/html
if [ ! -e "/config/html" ]; then
mkdir /config/html
curl -L https://github.com/john30/ebusd/archive/refs/tags/23.3.tar.gz |
tar -C /tmp xfz https://github.com/john30/ebusd/archive/refs/tags/${EBUSD_VERSION#v}.tar.gz
fi
env:
EBUSD_VERSION: *version
envFrom:
- secretRef:
name: ebusd-secret
resources:
requests:
cpu: 10m
memory: 64Mi
limits:
cpu: 500m
memory: 512Mi
emqx-init:
image:
repository: ghcr.io/prehor/emqx-init
tag: 1.0.0
envFrom:
- secretRef:
name: ebusd-emqx-init
resources:
requests:
cpu: 10m
memory: 64Mi
limits:
cpu: 500m
memory: 512Mi
service:
app:
controller: ebusd
ports:
http:
port: 8888
code-server:
port: 80
ingress:
app:
enabled: true
className: internal
hosts:
- host: &host ebus.${SECRET_DOMAIN}
paths:
- path: /
service:
identifier: app
port: http
tls:
- hosts:
- *host
code-server:
className: internal
hosts:
- host: &host "ebush.${SECRET_DOMAIN}"
paths:
- path: /
service:
identifier: app
port: code-server
tls:
- hosts:
- *host
persistence:
config:
existingClaim: *app
deploy-key:
type: secret
name: ebusd-config-deploy-key
globalMounts:
- path: /config/.ssh/id_ed25519
subPath: ssh-privatekey
- path: /config/.ssh/known_hosts2
subPath: ssh-known-hosts
tmp:
type: emptyDir
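Review bot: The `code-server` container starts with `--auth=none` and is published through the `code-server` ingress, while `globalMounts` places the deploy key at `/config/.ssh/id_ed25519` in every container and `envFrom` loads `ebusd-secret`, so anyone who can reach `ebush.${SECRET_DOMAIN}` gets an unauthenticated editor and terminal beside those credentials. I would switch to `- --auth=password` with `HASHED_PASSWORD` supplied from the secret (or front the ingress with an authenticating proxy) and scope the key with `advancedMounts` as sketched below, so the `app` container never sees it. Separately, `- /config"` carries a stray quote, the service exposes `port: 8888` while ebusd listens on `--httpport=8080`, and the last `curl … | tar` in the init script hands tar a URL and hard-codes `23.3` instead of `${EBUSD_VERSION#v}`. The `mqtt-hassio.cfg` download also tracks `master` with no `-f` or checksum; pinning it to the same tag would keep the config in step with the image.

```yaml
# … unchanged: config persistence …
deploy-key:
  type: secret
  name: ebusd-config-deploy-key
  # Mount the key only where git runs; the ebusd app container does not need it.
  advancedMounts:
    ebusd:
      config:
        - path: /config/.ssh/id_ed25519
          subPath: ssh-privatekey
        - path: /config/.ssh/known_hosts2
          subPath: ssh-known-hosts
      code-server:
        - path: /config/.ssh/id_ed25519
          subPath: ssh-privatekey
        - path: /config/.ssh/known_hosts2
          subPath: ssh-known-hosts
# … unchanged: tmp emptyDir …
```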
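--- a/kubernetes/main/apps/home-automation/ebusd/app/kustomization.yaml
+++ b/kubernetes/main/apps/home-automation/ebusd/app/kustomization.yaml
@@ -0,0 +1,11 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./config-deploy-key.sops.yaml
+- ./config-secrets.sops.yaml
+- ./emqx-init-secret.yaml
+- ./helmrelease.yaml
+- ./secret.yaml
+- ../../../../templates/volsync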