generated from onedr0p/cluster-template
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
12 changed files
with
453 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
29 changes: 29 additions & 0 deletions
29
kubernetes/main/apps/home-automation/ebusd/app/config-deploy-key.sops.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
apiVersion: v1 | ||
kind: Secret | ||
metadata: | ||
name: ebusd-config-deploy-key | ||
type: kubernetes.io/ssh-auth | ||
stringData: | ||
ssh-privatekey: ENC[AES256_GCM,data:FgLKm8XNvj7PisZNng0vJ9sd3qHMfKRmoP4vDuy93cusYV7HmR+zI4hM1lZ93lHC5flj20OqW1MSIBkclrRuB95hMFl8o9gfYNrph0MCTk192FbMFYD0K4MDrXYtWXMdv+cg6WLYahBeiCObK69DjzewD3RritiDZLLW5sgR/U1DGSBiFgGxfkC0Qc22r6IzY0fb6qu0/5GKIFRCdO11HKp9AIRPheiAaBRSiZRHtXcvdfNwzoOCeNf6TXyVeDhDrX8hTOzTMrsDVq85+NeTF3cMjdoSjv/q2Qbq8xasFcYh1Uk95qAv7ufIDFBvYkPLHVmQR8GdMUif1T/OH/AwvkiW8s3BVNrXI13yzd4A9MUdGuic+fhR26WTBbPqgM/QBUoPFGxaJEmoQNvX4eQrXfzs2ukyu+EDPCshcS8Xb9cuX8nbUzX9RAcnYYKhRzPofSEWhOrSZjW/5DoBcqJ9vwVi0I4YWGBzTl51dzM1Be0piO4G7pVZJTL1YqNgRmGxc8/YTLb7e51sry5A32vG1OTlJnkeeLCRdrJTzaMKhgVs0fU=,iv:nuh1/y4b9pdacvKiaGHctrZjP9nfMmF21fea2hc4tCQ=,tag:/Hzw+9TS/ghbOZwnsxTPsg==,type:str] | ||
ssh-privatekey-type: ENC[AES256_GCM,data:7ArBiHJgrw==,iv:HARFrYhoAvM1CjbUUQh9/nMtRll8nIEprjn33Gsk4Jc=,tag:BvfzrVLaz8yBCj5f8CMDYw==,type:str] | ||
ssh-known-hosts: ENC[AES256_GCM,data:QOBt7z+ErV81bhnZKZzOJLlxH3hePo54XvXa5t9enJq56Ei8hUEwpUNW1M+bcDQmRn7XvjtQr9RB796Dh0rLYBGn0QzvilOL22ZHLYq0FurD/lhhRq9YUXjd0TBttkW2xssSVj8Aq9ZM+ym01tBU2xjrVpxmqo0ktVDlogx60CYjPw38phHEuTNNkLFcBQKWvZXCltTA/S34rM1vK+vAhrMSMZk00jLOMJ69JmVbfkWI+hmB/MPNpz+HIVXfGHfpn8sedMjkhPvbsp8z3dGRDcbwAcE4lrHrZIjyDO882FMJ+2v+PZACtvI49n9k8ihquFRrsBkPbc0WnnOCSbq4+MGh4XvBHQdNFgsYV8zf206BVzENOKF661Ds++Rz6ytjguiols482r1yziBR6L1/AnXze95oNd5dGUzYEvXN+Hl60/t2dwOzjeBCYn6ekw0PRpYE970kCA31I1KavepUaeIBtxCn7GFAhYVWEwQFI7MyR77K6a7TbsdDukfkHww8XjcoQSm+/5XSsLAbBoqqPv8f2LcwV2YXkDX8KrwlNPZoxghH1rFXzhTEKg1ErUJNt96nAJ3cr4kfsyWnq3aA6cyimoRjdhW4JPbx13ubuz4b19Fu/9sKxGJG8akJU+1Bz8KXLV9uJjOQO91qi5+dDk1w8Hvu9GX3wnS0EiaCLh8tVNDDdtdtATUPS+MZEkMVFTGYfW0auRR2nfoPyTJgpvtRxi7dToxKpA67jacj+j4NQRwm0sKamwDN0xBWfENeuaZ/NHbFWzC+xssZmSeA/FRTPmdEpLQQ8jcG+MI9Fc8xnd+Ydz/GCv6TdWPazww0C6X4ERTBk5eo9BEMAjDo8jF9A5aRDThgx/rxeDz01G0JgYzDR1rPZWJLTpHenJOx6sjzRQukHHi1dK0aMaP9JNfuARAgx0/H4/xxRRsV6QTd6H7rbsMxPyXQMMeAjM9t1l0cnhxglR/wUiW6GJi3LnfXDvRVx2KQDetO605zI6O4ZDUtEgTNlZ2PotZ42/hhDRF56GmhF5z8XU1KLEhVG0N0rZXxB5NmNQtHbu5Wx9qpUHe7YgTvAHIbUzkvf4VZ0sTxuxMNYvXONEEu,iv:SG9Rjm6OO69IVNtdE6wtdqApW0svCUTYHtMH1/FxluA=,tag:+Zuaf+b7LaOlOUlgKyb0IA==,type:str] | ||
sops: | ||
kms: [] | ||
gcp_kms: [] | ||
azure_kv: [] | ||
hc_vault: [] | ||
age: | ||
- recipient: age1ve9kzacrwq7l9l0emvs326uk6t576d75r596e083r2tq6xu28qcsacy3s7 | ||
enc: | | ||
-----BEGIN AGE ENCRYPTED FILE----- | ||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzL2FNUlZqWFFtUGRPUE5o | ||
Rm0zNmplVE9ocTVaQ3V4OFRwRDJXVkF2MEJjCjBZS1Y3RFFXcHVZQmU4ejV6QTlT | ||
QVh0bXZzNy9aTTllQ1FaRGtwM25SaDgKLS0tIDd0U2Y1MU5oL0RsUjg0UHZleC9D | ||
aVNLZzdlbmFHVXVQMldXa0VvRHJoU0EKWzThM5A/IjS4XBvmxHZFr3pywKitjbfK | ||
CKnctMdz2AcJ224TUl6PEc7GVZdCycHZn9nK2zP6tcY8bPlX4VBP4Q== | ||
-----END AGE ENCRYPTED FILE----- | ||
lastmodified: "2024-06-30T20:07:02Z" | ||
mac: ENC[AES256_GCM,data:03LjoWfq3vWeQ2Fs24WDW6E4T/5WnRvdGmPuiVVWEqqpyn0qnAz92MIMPc7B7TCy6XzQ31GqacjK2dxM3o4sSAqET+yotpOOhTVRnxarJWOre8uzDK/8LnYzP3Jbd7DpueCTXNRkomk9OLMYElp8HRszbWr1rEVj4UG/nfCY1y4=,iv:WemTKSYH2Hp3m6JT9LMrlKXUkdcwDzEwLmXboAaZ0mc=,tag:x1iXanJE/PnlETI54gR+8g==,type:str] | ||
pgp: [] | ||
encrypted_regex: ^(data|stringData)$ | ||
version: 3.8.1 |
36 changes: 36 additions & 0 deletions
36
kubernetes/main/apps/home-automation/ebusd/app/config-secrets.sops.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
apiVersion: v1 | ||
kind: Secret | ||
metadata: | ||
name: ebusd-config-secret | ||
type: kubernetes.io/basic-auth | ||
stringData: | ||
#ENC[AES256_GCM,data:zF86RzBVCdzSDrGynQ==,iv:UAppp8Tspuz/kZFNlmJHPvHneK3iPeootgCGq6YRhjI=,tag:IIJT6N2rSIvv7l2AwcfgXw==,type:comment] | ||
username: ENC[AES256_GCM,data:bRhNHEA=,iv:k4QlV2mvZiG1iTy3rXehRujru2dPtDtknRJxK0ddAeQ=,tag:NJzVjuc0rUUZxiBn1JsyWQ==,type:str] | ||
password: ENC[AES256_GCM,data:Bggc/GLPLnnWEtIMlf9jDV/nUpoceBMvWqjw+NshjoZJNmifMF6DFw==,iv:CGF3ukNNssEm+1G5M6eG1/OtEaG63wpUs9gfY6+mdvk=,tag:LTLfFnOGOiKDNKjjhL5gSA==,type:str] | ||
#ENC[AES256_GCM,data:bds89uaF6UDYI//rnTBbaZTh3zf/WAb79zancM8WVKoGfd+AMWEFZLMhJvA=,iv:+/8I2rJBSK4XC/sWo1/8Hdp6SWcsT7U8YPeduwB5lKM=,tag:KLaYACvrQHsufokXosf2zA==,type:comment] | ||
#ENC[AES256_GCM,data:FwtxO7qk5bwnG1aJFYNr,iv:jFITOSG/J/42EHtwcgNiRXus+NxnRkXYkH2RylK3uNQ=,tag:oU2gzMiPY9APbEWk4DOklg==,type:comment] | ||
#ENC[AES256_GCM,data:ufapEl++l2M2B7hBYaGg17nwrM6yELAu3IWrSRtqsS0=,iv:E74vX43/YyrTgT+xfu+0zVFpJR2LC0f+WeDTIsSOopw=,tag:XBuQAMIqy+RuJZ8VyJXEGw==,type:comment] | ||
device: ENC[AES256_GCM,data:fAL248UkkabkaOnVKrZxGOO4rw/GJTn0,iv:pJOPSzjCrgwEzpgyK38OUwuqla0L8tCqr1RemulCnp0=,tag:PefdDw7dbcsNmxmYLQmA6Q==,type:str] | ||
#ENC[AES256_GCM,data:Aavl48ibfFc3lVIBwYHrD8Qwc61TvFMBv3sfEuWJwPDFs3ysGO2yEIYxVNIJUv1CcQFspzSwgsiUQBh0Wk93K/SfEMO1ml8m0/AgsE0Hu5dqRc5FCyVC,iv:FNZ9O2R8uh1lgwc2ygnKZLaMIZkMOfjmvXrqwTuLXOk=,tag:TYWsoY8gACBmB3V2nfgWxQ==,type:comment] | ||
github_user_mail: ENC[AES256_GCM,data:6olG/yp8bvc=,iv:/yhG6eYlbxKhWJcyyFXs2WzaF+dh1VSBXRdqZBAX64k=,tag:Uv4qQWOm9DUBbvqOncqeHg==,type:str] | ||
github_user_name: ENC[AES256_GCM,data:+6jBlhhYa9wn35Q9,iv:b24y9aYFrZSB2aU/p89ehJRT5bi15vUY64ddeE0syT8=,tag:mzuFUN59543wF6Zic/3QIA==,type:str] | ||
sops: | ||
kms: [] | ||
gcp_kms: [] | ||
azure_kv: [] | ||
hc_vault: [] | ||
age: | ||
- recipient: age1ve9kzacrwq7l9l0emvs326uk6t576d75r596e083r2tq6xu28qcsacy3s7 | ||
enc: | | ||
-----BEGIN AGE ENCRYPTED FILE----- | ||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMVdKcTJuY1ZJL2l2Ni9Y | ||
YVVSYi9xQ0hhYng4ZzMrVkVWb3cwalpSd2dnCktBNzFEZGJxRkFySVhBQ2RZdGJ4 | ||
bjlmVGxWUFZnT2tFUnBBd1ozZXdSdlEKLS0tIFd6K3h1OFZyY0xvc2VDL3diRlZB | ||
cHdibGdzaHg0NnBMTXpYdGo1N3VCUG8Km3Pd+F+Dm0GYNr13rKykH0mLIJfZ7cw7 | ||
ubzfRKrO1TDud0Cd5WP3RaLKX+viux7Wq8LLfHena1DfaeAblP1mfA== | ||
-----END AGE ENCRYPTED FILE----- | ||
lastmodified: "2024-07-07T10:53:39Z" | ||
mac: ENC[AES256_GCM,data:0lptBE1Pers4fdlRXNBEmtMYRYwaupPghg6L4qMeGGEr9+tmoW1H1Pmz+wqZhMDX0LDl3VjUjlnTWuZXlBBgYJMHaOi+As64C24K66I3YFEk4fB4XvR5Houi1Q2h8fNrA17shGT/Cly2fMetmJXMmn4styQHd1aRGtHj6Ov+Qjs=,iv:lItUROOgPvBGUhyYEcOqRq0JVRFdJf5HB1NvF9zB4Sc=,tag:PNbMpSBqeuZengOIur30Rg==,type:str] | ||
pgp: [] | ||
encrypted_regex: ^(data|stringData)$ | ||
version: 3.8.1 |
54 changes: 54 additions & 0 deletions
54
kubernetes/main/apps/home-automation/ebusd/app/emqx-init-secret.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
--- | ||
# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/external-secrets.io/externalsecret_v1beta1.json | ||
apiVersion: external-secrets.io/v1beta1 | ||
kind: ExternalSecret | ||
metadata: | ||
name: ebusd-emqx-init | ||
spec: | ||
target: | ||
creationPolicy: Owner | ||
template: | ||
engineVersion: v2 | ||
data: | ||
INIT_EMQX_API_HOST: "{{ .emqx_api_host }}" | ||
INIT_EMQX_API_PORT: "{{ .emqx_api_port }}" | ||
INIT_EMQX_ACCESS_KEY: "{{ .emqx_username }}" | ||
INIT_EMQX_SECRET_KEY: "{{ .emqx_password }}" | ||
INIT_EMQX_USER: "{{ .ebusd_username }}" | ||
INIT_EMQX_PASS: "{{ .ebusd_password }}" | ||
INIT_EMQX_TOPIC: "ebusd/#" | ||
INIT_EMQX_TOPIC_ACLS: >- | ||
{{ .ebusd_username }}:homeassistant/#:all:allow | ||
{{ .hass_username }}:ebusd/#:all:allow | ||
dataFrom: | ||
- extract: | ||
key: emqx-secret | ||
rewrite: | ||
- regexp: | ||
source: "^(.*)$" | ||
target: "emqx_$1" | ||
sourceRef: | ||
storeRef: | ||
name: emqx-secret-store | ||
kind: ClusterSecretStore | ||
- extract: | ||
key: ebusd-config-secret | ||
rewrite: | ||
- regexp: | ||
source: "^(.*)$" | ||
target: "ebusd_$1" | ||
sourceRef: | ||
storeRef: | ||
name: home-automation-secret-store | ||
kind: SecretStore | ||
- extract: | ||
key: home-assistant-emqx-secret | ||
rewrite: | ||
- regexp: | ||
source: "^(.*)$" | ||
target: "hass_$1" | ||
sourceRef: | ||
storeRef: | ||
name: home-automation-secret-store | ||
kind: SecretStore | ||
|
241 changes: 241 additions & 0 deletions
241
kubernetes/main/apps/home-automation/ebusd/app/helmrelease.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,241 @@ | ||
--- | ||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json | ||
apiVersion: helm.toolkit.fluxcd.io/v2 | ||
kind: HelmRelease | ||
metadata: | ||
name: &app ebusd | ||
spec: | ||
interval: 30m | ||
chart: | ||
spec: | ||
chart: app-template | ||
version: 3.2.1 | ||
interval: 30m | ||
sourceRef: | ||
kind: HelmRepository | ||
name: bjw-s | ||
namespace: flux-system | ||
install: | ||
remediation: | ||
retries: 3 | ||
upgrade: | ||
cleanupOnFail: true | ||
remediation: | ||
strategy: rollback | ||
retries: 3 | ||
dependsOn: | ||
- name: emqx-operator | ||
namespace: database | ||
- name: external-secrets | ||
namespace: security | ||
- name: multus | ||
namespace: kube-system | ||
- name: volsync | ||
namespace: storage | ||
values: | ||
defaultPodOptions: | ||
annotations: | ||
secret.reloader.stakater.com/reload: "ebusd-emqx-init,ebusd-secret" | ||
securityContext: | ||
runAsNonRoot: true | ||
runAsUser: 568 | ||
runAsGroup: 568 | ||
fsGroup: 568 | ||
fsGroupChangePolicy: OnRootMismatch | ||
seccompProfile: { type: RuntimeDefault } | ||
controllers: | ||
ebusd: | ||
containers: | ||
app: | ||
image: | ||
repository: docker.io/john30/ebusd | ||
tag: &version v23.3 | ||
command: ["ebusd"] | ||
args: | ||
# https://github.com/john30/ebusd/wiki/2.-Run | ||
# Message Configuration Options | ||
- --configpath=/config/latest/en | ||
- --configlang=en | ||
- --pollinterval=10 | ||
- --scanconfig | ||
# Daemon Options | ||
- --foreground | ||
# HTTP Client | ||
- --httpport=8080 | ||
# Log Options | ||
- --log=all:info | ||
# MQTT Options | ||
- --mqttint=/config/mqtt-hassio.cfg | ||
- --mqttjson | ||
envFrom: | ||
- secretRef: | ||
name: ebusd-secret | ||
# probes: | ||
# liveness: &probes | ||
# enabled: true | ||
# custom: true | ||
# spec: | ||
# httpGet: | ||
# path: /data | ||
# port: 80 | ||
# initialDelaySeconds: 10 | ||
# periodSeconds: 10 | ||
# timeoutSeconds: 1 | ||
# failureThreshold: 3 | ||
# readiness: *probes | ||
# startup: *probes | ||
resources: | ||
requests: | ||
cpu: 100m | ||
memory: 512Mi | ||
limits: | ||
cpu: 2000m | ||
memory: 2Gi | ||
code-server: | ||
image: | ||
repository: ghcr.io/coder/code-server | ||
tag: 4.90.3 | ||
args: | ||
- --auth=none | ||
- --user-data-dir=/config/.vscode | ||
- --extensions-dir=/config/.vscode | ||
- --port=80 | ||
- /config" | ||
envFrom: | ||
- secretRef: | ||
name: ebusd-secret | ||
resources: | ||
requests: | ||
cpu: 10m | ||
memory: 64Mi | ||
limits: | ||
cpu: 1000m | ||
memory: 2Gi | ||
lifecycle: | ||
postStart: | ||
exec: | ||
command: | ||
- /bin/sh | ||
- -c | ||
- | | ||
( | ||
set -e | ||
# Install packages | ||
sudo apt update | ||
sudo apt install --yes dnsutils | ||
sudo apt install --yes iproute2 | ||
sudo apt install --yes inetutils-ping | ||
sudo apt install --yes inetutils-telnet | ||
sudo apt install --yes inetutils-traceroute | ||
sudo apt install --yes net-tools | ||
# Setup git | ||
git config --global user.name "${GITCONFIG_USER_NAME}" | ||
git config --global user.email "${GITCONFIG_USER_MAIL}" | ||
git config --global branch.autosetuprebase always | ||
git config --global --add safe.directory '/config' | ||
) > /tmp/postStart.log 2>&1 || true | ||
initContainers: | ||
config: | ||
image: | ||
repository: ghcr.io/prehor/alpine-toolbox | ||
tag: 3.20.1 | ||
args: | ||
- /entrypoint.sh | ||
- /bin/bash | ||
- -c | ||
- | | ||
set -ex | ||
# Clone ebusd-config repository | ||
if [ ! -e "/config/.git" ]; then | ||
git clone [email protected]:prehor/ebusd-config.git /config/.ebusd-config | ||
mv /config/.ebusd-config/* /config/.ebusd-config/.* /config | ||
rmdir /config/.ebusd-config/ | ||
fi | ||
# Fetch mqtt-hassio.cfg | ||
if [ ! -e "/config/mqtt-hassio.cfg" ]; then | ||
curl https://raw.githubusercontent.com/john30/ebusd/master/contrib/etc/ebusd/mqtt-hassio.cfg -o /config/mqtt-hassio.cfg | ||
fi | ||
# Fetch contrib/html | ||
if [ ! -e "/config/html" ]; then | ||
mkdir /config/html | ||
curl -L https://github.com/john30/ebusd/archive/refs/tags/23.3.tar.gz | | ||
tar -C /tmp xfz https://github.com/john30/ebusd/archive/refs/tags/${EBUSD_VERSION#v}.tar.gz | ||
fi | ||
env: | ||
EBUSD_VERSION: *version | ||
envFrom: | ||
- secretRef: | ||
name: ebusd-secret | ||
resources: | ||
requests: | ||
cpu: 10m | ||
memory: 64Mi | ||
limits: | ||
cpu: 500m | ||
memory: 512Mi | ||
emqx-init: | ||
image: | ||
repository: ghcr.io/prehor/emqx-init | ||
tag: 1.0.0 | ||
envFrom: | ||
- secretRef: | ||
name: ebusd-emqx-init | ||
resources: | ||
requests: | ||
cpu: 10m | ||
memory: 64Mi | ||
limits: | ||
cpu: 500m | ||
memory: 512Mi | ||
service: | ||
app: | ||
controller: ebusd | ||
ports: | ||
http: | ||
port: 8888 | ||
code-server: | ||
port: 80 | ||
ingress: | ||
app: | ||
enabled: true | ||
className: internal | ||
hosts: | ||
- host: &host ebus.${SECRET_DOMAIN} | ||
paths: | ||
- path: / | ||
service: | ||
identifier: app | ||
port: http | ||
tls: | ||
- hosts: | ||
- *host | ||
code-server: | ||
className: internal | ||
hosts: | ||
- host: &host "ebush.${SECRET_DOMAIN}" | ||
paths: | ||
- path: / | ||
service: | ||
identifier: app | ||
port: code-server | ||
tls: | ||
- hosts: | ||
- *host | ||
persistence: | ||
config: | ||
existingClaim: *app | ||
deploy-key: | ||
type: secret | ||
name: ebusd-config-deploy-key | ||
globalMounts: | ||
- path: /config/.ssh/id_ed25519 | ||
subPath: ssh-privatekey | ||
- path: /config/.ssh/known_hosts2 | ||
subPath: ssh-known-hosts | ||
tmp: | ||
type: emptyDir |
11 changes: 11 additions & 0 deletions
11
kubernetes/main/apps/home-automation/ebusd/app/kustomization.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
--- | ||
# yaml-language-server: $schema=https://json.schemastore.org/kustomization | ||
apiVersion: kustomize.config.k8s.io/v1beta1 | ||
kind: Kustomization | ||
resources: | ||
- ./config-deploy-key.sops.yaml | ||
- ./config-secrets.sops.yaml | ||
- ./emqx-init-secret.yaml | ||
- ./helmrelease.yaml | ||
- ./secret.yaml | ||
- ../../../../templates/volsync |
Oops, something went wrong.