From 4ab17e0913fb2551a13e3bc02caea1ebb2819508 Mon Sep 17 00:00:00 2001 
From: auricom <27022259+auricom@users.noreply.github.com> Date: Sun, 12 Nov 2023 20:45:54 +0100 Subject: [PATCH] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20homelab?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- kubernetes/apps/default/homelab/ks.yaml | 60 +++++++++++++++++++ .../minio/backup}/helmrelease.yaml | 16 +++-- .../homelab/minio/backup/kustomization.yaml | 15 +++++ .../homelab/minio/backup/minio-rclone.sh | 17 ++++++ .../default/homelab/minio/backup/rclone.conf | 22 +++++++ .../default/homelab/minio/externalsecret.yaml | 28 +++++++++ .../default/homelab/minio/kustomization.yaml | 8 +++ .../opnsense/backup}/helmrelease.yaml | 7 ++- .../opnsense/backup}/kustomization.yaml | 4 +- .../opnsense/backup}/opnsense-backup.sh | 0 .../opnsense/backup}/readme.md | 0 .../app => homelab/opnsense}/dashboard.json | 0 .../opnsense}/externalsecret.yaml | 6 +- .../opnsense}/kustomization.yaml | 5 +- .../truenas}/backup/helmrelease.yaml | 8 +-- .../truenas}/backup/kustomization.yaml | 2 +- .../truenas}/backup/truenas-backup.sh | 0 .../truenas}/certs-deploy/helmrelease.yaml | 10 ++-- .../truenas}/certs-deploy/kustomization.yaml | 2 +- .../certs-deploy/truenas-certs-deploy.py | 0 .../certs-deploy/truenas-certs-deploy.sh | 0 .../truenas}/externalsecret.yaml | 9 ++- .../truenas}/kustomization.yaml | 1 - .../default/{ => homelab}/truenas/readme.md | 0 kubernetes/apps/default/kustomization.yaml | 3 +- kubernetes/apps/default/opnsense/ks.yaml | 20 ------- .../truenas/app/minio-rclone/minio-rclone.sh | 20 ------- kubernetes/apps/default/truenas/ks.yaml | 18 ------ 28 files changed, 183 insertions(+), 98 deletions(-) create mode 100644 kubernetes/apps/default/homelab/ks.yaml rename kubernetes/apps/default/{truenas/app/minio-rclone => homelab/minio/backup}/helmrelease.yaml (85%) create mode 100644 kubernetes/apps/default/homelab/minio/backup/kustomization.yaml create mode 100755 kubernetes/apps/default/homelab/minio/backup/minio-rclone.sh create 
mode 100644 kubernetes/apps/default/homelab/minio/backup/rclone.conf create mode 100644 kubernetes/apps/default/homelab/minio/externalsecret.yaml create mode 100644 kubernetes/apps/default/homelab/minio/kustomization.yaml rename kubernetes/apps/default/{opnsense/app => homelab/opnsense/backup}/helmrelease.yaml (88%) rename kubernetes/apps/default/{truenas/app/minio-rclone => homelab/opnsense/backup}/kustomization.yaml (84%) rename kubernetes/apps/default/{opnsense/app => homelab/opnsense/backup}/opnsense-backup.sh (100%) rename kubernetes/apps/default/{opnsense => homelab/opnsense/backup}/readme.md (100%) rename kubernetes/apps/default/{opnsense/app => homelab/opnsense}/dashboard.json (100%) rename kubernetes/apps/default/{opnsense/app => homelab/opnsense}/externalsecret.yaml (83%) rename kubernetes/apps/default/{opnsense/app => homelab/opnsense}/kustomization.yaml (84%) rename kubernetes/apps/default/{truenas/app => homelab/truenas}/backup/helmrelease.yaml (92%) rename kubernetes/apps/default/{truenas/app => homelab/truenas}/backup/kustomization.yaml (90%) rename kubernetes/apps/default/{truenas/app => homelab/truenas}/backup/truenas-backup.sh (100%) rename kubernetes/apps/default/{truenas/app => homelab/truenas}/certs-deploy/helmrelease.yaml (91%) rename kubernetes/apps/default/{truenas/app => homelab/truenas}/certs-deploy/kustomization.yaml (90%) rename kubernetes/apps/default/{truenas/app => homelab/truenas}/certs-deploy/truenas-certs-deploy.py (100%) rename kubernetes/apps/default/{truenas/app => homelab/truenas}/certs-deploy/truenas-certs-deploy.sh (100%) rename kubernetes/apps/default/{truenas/app => homelab/truenas}/externalsecret.yaml (90%) rename kubernetes/apps/default/{truenas/app => homelab/truenas}/kustomization.yaml (93%) rename kubernetes/apps/default/{ => homelab}/truenas/readme.md (100%) delete mode 100644 kubernetes/apps/default/opnsense/ks.yaml delete mode 100755 kubernetes/apps/default/truenas/app/minio-rclone/minio-rclone.sh delete mode 100644 
kubernetes/apps/default/truenas/ks.yaml
diff --git a/kubernetes/apps/default/homelab/ks.yaml b/kubernetes/apps/default/homelab/ks.yaml
new file mode 100644
index 000000000..45b68af12
--- /dev/null
+++ b/kubernetes/apps/default/homelab/ks.yaml
@@ -0,0 +1,60 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: cluster-apps-homnelab-minio
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/default/homelab/minio
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ dependsOn:
+ - name: cluster-apps-external-secrets-stores
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: cluster-apps-homnelab-opnsense
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/default/homelab/opnsense
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ dependsOn:
+ - name: cluster-apps-external-secrets-stores
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: cluster-apps-homnelab-truenas
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/default/homelab/truenas
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ dependsOn:
+ - name: cluster-apps-external-secrets-stores
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
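Review bot: All three Flux Kustomization names in the new `ks.yaml` spell the prefix as `cluster-apps-homnelab-` (`-minio`, `-opnsense`, `-truenas`), while the `path` values and every other resource renamed in this commit use `homelab`. Each object has `prune: true`, so correcting the name later would most likely make Flux treat it as a new Kustomization and remove and recreate what the old one managed; it is cheaper to fix now with `name: cluster-apps-homelab-minio` and the same correction on the other two. Whether anything elsewhere in the repository refers to these names in a `dependsOn` is not visible from this patch.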
diff --git a/kubernetes/apps/default/truenas/app/minio-rclone/helmrelease.yaml b/kubernetes/apps/default/homelab/minio/backup/helmrelease.yaml similarity index 85% rename from kubernetes/apps/default/truenas/app/minio-rclone/helmrelease.yaml rename to kubernetes/apps/default/homelab/minio/backup/helmrelease.yaml index e6d403670..6ccb293df 100644 --- a/kubernetes/apps/default/truenas/app/minio-rclone/helmrelease.yaml +++ b/kubernetes/apps/default/homelab/minio/backup/helmrelease.yaml @@ -3,7 +3,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: - name: truenas-minio-rclone + name: homelab-minio-backup namespace: default spec: interval: 30m @@ -39,6 +39,9 @@ spec: repository: ghcr.io/auricom/rclone tag: 1.62.2@sha256:8d3ae01ed5295974be1b229f7398ce93a03c77a3fdaf301ea35bf929bb19389a command: ["/bin/bash", "/app/minio-rclone.sh"] + envFrom: + - secretRef: + name: homelab-minio-secret service: main: enabled: false @@ -49,17 +52,12 @@ spec: config: enabled: true type: configMap - name: truenas-minio-rclone-configmap + name: homelab-minio-configmap defaultMode: 0775 globalMounts: - path: /app/minio-rclone.sh subPath: minio-rclone.sh readOnly: true - age: - enabled: true - type: secret - name: truenas-secret - globalMounts: - - path: /app/age_key - subPath: SOPS_AGE_KEY + - path: /config/rclone.conf + subPath: rclone.conf readOnly: true diff --git a/kubernetes/apps/default/homelab/minio/backup/kustomization.yaml b/kubernetes/apps/default/homelab/minio/backup/kustomization.yaml new file mode 100644 index 000000000..1cc6f222d --- /dev/null +++ b/kubernetes/apps/default/homelab/minio/backup/kustomization.yaml 
@@ -0,0 +1,15 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
+configMapGenerator:
+ - name: homelab-minio-configmap
+ files:
+ - ./minio-rclone.sh
+ - ./rclone.conf
+generatorOptions:
+ disableNameSuffixHash: true
+
diff --git a/kubernetes/apps/default/homelab/minio/backup/minio-rclone.sh b/kubernetes/apps/default/homelab/minio/backup/minio-rclone.sh
new file mode 100755
index 000000000..85fdd6e27
--- /dev/null
+++ b/kubernetes/apps/default/homelab/minio/backup/minio-rclone.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -o errexit
+
+# Replace the placeholders in the file with the environment variables values
+cp /config/rclone.conf /tmp/rclone.conf
+sed -i "s@__RCLONE_ACCESS_ID__@$RCLONE_ACCESS_ID@g" "/tmp/rclone.conf"
+sed -i "s@__RCLONE_SECRET_KEY__@$RCLONE_SECRET_KEY@g" "/tmp/rclone.conf"
+sed -i "s@__PASSWORD__@$GDRIVE_PASSWORD@g" "/tmp/rclone.conf"
+sed -i "s@__PASSWORD2__@$GDRIVE_PASSWORD2@g" "/tmp/rclone.conf"
+sed -i "s@__GDRIVE_CLIENT_ID__@$GDRIVE_CLIENT_ID@g" "/tmp/rclone.conf"
+sed -i "s@__GDRIVE_CLIENT_SECRET__@$GDRIVE_CLIENT_SECRET@g" "/tmp/rclone.conf"
+sed -i "s@__GDRIVE_TOKEN__@$GDRIVE_TOKEN@g" "/tmp/rclone.conf"
+
+echo "Sync minio buckets with encrypted remote gdrive-homelab-backups ..."
+rclone --config /tmp/rclone.conf sync minio: gdrive-homelab-backups:
diff --git a/kubernetes/apps/default/homelab/minio/backup/rclone.conf b/kubernetes/apps/default/homelab/minio/backup/rclone.conf
new file mode 100644
index 000000000..3b0df3c60
--- /dev/null
+++ b/kubernetes/apps/default/homelab/minio/backup/rclone.conf
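Review bot: The `homelab-minio-configmap` generator sets only `disableNameSuffixHash: true` under `generatorOptions`, whereas the sibling opnsense kustomization renamed in this commit also carries an `annotations:` key there (its content is outside that hunk), and nothing records whether the omission is deliberate. It presumably is, because `rclone.conf` in the same ConfigMap relies on `${SECRET_DOMAIN}` being substituted by Flux, but that also puts `minio-rclone.sh` through the same substitution, so the script has to keep using `$VAR` rather than `${VAR}`. A comment above `configMapGenerator` would record this, for example `# Flux substitution stays enabled for rclone.conf; scripts in this ConfigMap must not use ${VAR}`.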
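Review bot: The seven `sed -i "s@__X__@$VAR@g"` lines in `minio-rclone.sh` splice secret values straight into a sed replacement, so a value containing `@`, `&` or a backslash either aborts the job under `errexit` or writes a different credential into `/tmp/rclone.conf` without any error (`&` expands to the matched placeholder). The values also travel through sed's argument list, and the file created by `cp /config/rclone.conf /tmp/rclone.conf` takes its mode from a source mounted with `defaultMode: 0775`, so the rendered credentials end up readable by other users in the container. The minimum change is `umask 077` before the `cp` and `chmod 600 /tmp/rclone.conf` after it. A sturdier layout is to render the complete `rclone.conf` in the ExternalSecret's `target.template.data` and mount that Secret as the config file, which removes the substitution step and the secret environment variables altogether.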
@@ -0,0 +1,22 @@
+[minio]
+type = s3
+provider = Minio
+access_key_id = __RCLONE_ACCESS_ID__
+secret_access_key = __RCLONE_SECRET_KEY__
+endpoint = https://minio.${SECRET_DOMAIN}:51515
+acl = private
+
+[gdrive-homelab-backups]
+type = crypt
+remote = gdrive:homelab-backups
+directory_name_encryption = false
+password = __PASSWORD__
+password2 = __PASSWORD2__
+
+[gdrive]
+type = drive
+client_id = __GDRIVE_CLIENT_ID__
+client_secret = __GDRIVE_CLIENT_SECRET__
+scope = drive.file
+token = __GDRIVE_TOKEN__
+team_drive =
diff --git a/kubernetes/apps/default/homelab/minio/externalsecret.yaml b/kubernetes/apps/default/homelab/minio/externalsecret.yaml
new file mode 100644
index 000000000..74eebb229
--- /dev/null
+++ b/kubernetes/apps/default/homelab/minio/externalsecret.yaml
@@ -0,0 +1,28 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: homelab-minio
+ namespace: default
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ name: homelab-minio-secret
+ creationPolicy: Owner
+ template:
+ data:
+ # App
+ GDRIVE_CLIENT_ID: "{{ .GDRIVE_CLIENT_ID }}"
+ GDRIVE_CLIENT_SECRET: "{{ .GDRIVE_CLIENT_SECRET }}"
+ GDRIVE_TOKEN: "{{ .GDRIVE_TOKEN }}"
+ GDRIVE_PASSWORD: "{{ .GDRIVE_PASSWORD }}"
+ GDRIVE_PASSWORD2: "{{ .GDRIVE_PASSWORD2 }}"
+ RCLONE_ACCESS_ID: "{{ .RCLONE_ACCESS_ID }}"
+ RCLONE_SECRET_KEY: "{{ .RCLONE_SECRET_KEY }}"
+
+ dataFrom:
+ - extract:
+ key: homelab-minio
diff --git a/kubernetes/apps/default/homelab/minio/kustomization.yaml b/kubernetes/apps/default/homelab/minio/kustomization.yaml
new file mode 100644
index 000000000..96d93b3f1
--- /dev/null
+++ b/kubernetes/apps/default/homelab/minio/kustomization.yaml
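Review bot: The crypt remote `[gdrive-homelab-backups]` in `rclone.conf` sets `directory_name_encryption = false`, so directory names under `gdrive:homelab-backups` (most likely the MinIO bucket and folder names) are stored in clear text on Google Drive, and only file names and contents are protected. If an existing backup was written with this layout the setting cannot simply be flipped, because the remote paths would no longer match, so the safer change is to document the choice: `# directory names are intentionally left unencrypted; the existing remote layout depends on it`. rclone expects `password` and `password2` in obscured form, which the values held in the secret store presumably already are.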
@@ -0,0 +1,8 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: default +resources: + - ./backup + - ./externalsecret.yaml diff --git a/kubernetes/apps/default/opnsense/app/helmrelease.yaml b/kubernetes/apps/default/homelab/opnsense/backup/helmrelease.yaml similarity index 88% rename from kubernetes/apps/default/opnsense/app/helmrelease.yaml rename to kubernetes/apps/default/homelab/opnsense/backup/helmrelease.yaml index 91478118d..8cdce93f9 100644 --- a/kubernetes/apps/default/opnsense/app/helmrelease.yaml +++ b/kubernetes/apps/default/homelab/opnsense/backup/helmrelease.yaml @@ -3,7 +3,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: - name: opnsense-backup + name: homelab-opnsense-backup namespace: default spec: interval: 30m @@ -38,12 +38,13 @@ spec: image: repository: ghcr.io/auricom/kubectl tag: 1.28.3@sha256:536e3a2a8222d56637208c207a5b77a7d656175a29b899383d5a1bb1d1e48438 + command: ["/bin/bash", "/app/opnsense-backup.sh"] env: OPNSENSE_URL: "https://opnsense.${SECRET_DOMAIN}" S3_URL: "https://truenas.${SECRET_DOMAIN}:51515" envFrom: - secretRef: - name: opnsense-backup-secret + name: homelab-opnsense-secret service: main: enabled: false @@ -51,7 +52,7 @@ spec: config: enabled: true type: configMap - name: opnsense-backup-configmap + name: homelab-opnsense-backup-configmap defaultMode: 0775 globalMounts: - path: /app/opnsense-backup.sh diff --git a/kubernetes/apps/default/truenas/app/minio-rclone/kustomization.yaml b/kubernetes/apps/default/homelab/opnsense/backup/kustomization.yaml similarity index 84% rename from kubernetes/apps/default/truenas/app/minio-rclone/kustomization.yaml rename to kubernetes/apps/default/homelab/opnsense/backup/kustomization.yaml index 79c8043b3..f2a9021f6 100644 --- a/kubernetes/apps/default/truenas/app/minio-rclone/kustomization.yaml 
+++ b/kubernetes/apps/default/homelab/opnsense/backup/kustomization.yaml @@ -6,9 +6,9 @@ namespace: default resources: - ./helmrelease.yaml configMapGenerator: - - name: truenas-minio-rclone-configmap + - name: homelab-opnsense-backup-configmap files: - - ./minio-rclone.sh + - ./opnsense-backup.sh generatorOptions: disableNameSuffixHash: true annotations: diff --git a/kubernetes/apps/default/opnsense/app/opnsense-backup.sh b/kubernetes/apps/default/homelab/opnsense/backup/opnsense-backup.sh similarity index 100% rename from kubernetes/apps/default/opnsense/app/opnsense-backup.sh rename to kubernetes/apps/default/homelab/opnsense/backup/opnsense-backup.sh diff --git a/kubernetes/apps/default/opnsense/readme.md b/kubernetes/apps/default/homelab/opnsense/backup/readme.md similarity index 100% rename from kubernetes/apps/default/opnsense/readme.md rename to kubernetes/apps/default/homelab/opnsense/backup/readme.md diff --git a/kubernetes/apps/default/opnsense/app/dashboard.json b/kubernetes/apps/default/homelab/opnsense/dashboard.json similarity index 100% rename from kubernetes/apps/default/opnsense/app/dashboard.json rename to kubernetes/apps/default/homelab/opnsense/dashboard.json diff --git a/kubernetes/apps/default/opnsense/app/externalsecret.yaml b/kubernetes/apps/default/homelab/opnsense/externalsecret.yaml similarity index 83% rename from kubernetes/apps/default/opnsense/app/externalsecret.yaml rename to kubernetes/apps/default/homelab/opnsense/externalsecret.yaml index 1c1e2f093..628f274d2 100644 --- a/kubernetes/apps/default/opnsense/app/externalsecret.yaml +++ b/kubernetes/apps/default/homelab/opnsense/externalsecret.yaml 
@@ -3,16 +3,16 @@ apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: - name: opnsense-backup + name: homelab-opnsense namespace: default spec: secretStoreRef: kind: ClusterSecretStore name: onepassword-connect target: - name: opnsense-backup-secret + name: homelab-opnsense-secret creationPolicy: Owner dataFrom: - extract: # OPNSENSE_KEY, OPNSENSE_SECRET, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY - key: opnsense-backup + key: homelab-opnsense diff --git a/kubernetes/apps/default/opnsense/app/kustomization.yaml b/kubernetes/apps/default/homelab/opnsense/kustomization.yaml similarity index 84% rename from kubernetes/apps/default/opnsense/app/kustomization.yaml rename to kubernetes/apps/default/homelab/opnsense/kustomization.yaml index d1ee74d42..f1ded82cb 100644 --- a/kubernetes/apps/default/opnsense/app/kustomization.yaml +++ b/kubernetes/apps/default/homelab/opnsense/kustomization.yaml @@ -4,12 +4,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: default resources: + - ./backup - ./externalsecret.yaml - - ./helmrelease.yaml configMapGenerator: - - name: opnsense-backup-configmap - files: - - ./opnsense-backup.sh - name: opnsense-dashboard files: - opnsense-dashboard.json=./dashboard.json diff --git a/kubernetes/apps/default/truenas/app/backup/helmrelease.yaml b/kubernetes/apps/default/homelab/truenas/backup/helmrelease.yaml similarity index 92% rename from kubernetes/apps/default/truenas/app/backup/helmrelease.yaml rename to kubernetes/apps/default/homelab/truenas/backup/helmrelease.yaml index ff6e63f8f..ccf73a1ad 100644 --- a/kubernetes/apps/default/truenas/app/backup/helmrelease.yaml +++ b/kubernetes/apps/default/homelab/truenas/backup/helmrelease.yaml @@ -3,7 +3,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: - name: truenas-backup + name: homelab-truenas-backup namespace: default spec: interval: 30m 
@@ -43,7 +43,7 @@ spec: HOSTNAME: truenas envFrom: &envFrom - secretRef: - name: truenas-secret + name: &secret homelab-truenas-secret truenas-remote-backup: name: truenas-remote-backup image: @@ -60,7 +60,7 @@ spec: config: enabled: true type: configMap - name: truenas-backup-configmap + name: homelab-truenas-backup-configmap defaultMode: 0775 globalMounts: - path: /app/truenas-backup.sh @@ -68,7 +68,7 @@ spec: readOnly: true ssh: type: secret - name: truenas-secret + name: *secret defaultMode: 0775 globalMounts: - path: /opt/id_rsa diff --git a/kubernetes/apps/default/truenas/app/backup/kustomization.yaml b/kubernetes/apps/default/homelab/truenas/backup/kustomization.yaml similarity index 90% rename from kubernetes/apps/default/truenas/app/backup/kustomization.yaml rename to kubernetes/apps/default/homelab/truenas/backup/kustomization.yaml index e4879db6d..b1e09a186 100644 --- a/kubernetes/apps/default/truenas/app/backup/kustomization.yaml +++ b/kubernetes/apps/default/homelab/truenas/backup/kustomization.yaml @@ -6,7 +6,7 @@ namespace: default resources: - ./helmrelease.yaml configMapGenerator: - - name: truenas-backup-configmap + - name: homelab-truenas-backup-configmap files: - ./truenas-backup.sh generatorOptions: diff --git a/kubernetes/apps/default/truenas/app/backup/truenas-backup.sh b/kubernetes/apps/default/homelab/truenas/backup/truenas-backup.sh similarity index 100% rename from kubernetes/apps/default/truenas/app/backup/truenas-backup.sh rename to kubernetes/apps/default/homelab/truenas/backup/truenas-backup.sh diff --git a/kubernetes/apps/default/truenas/app/certs-deploy/helmrelease.yaml b/kubernetes/apps/default/homelab/truenas/certs-deploy/helmrelease.yaml similarity index 91% rename from kubernetes/apps/default/truenas/app/certs-deploy/helmrelease.yaml rename to kubernetes/apps/default/homelab/truenas/certs-deploy/helmrelease.yaml index 7e550ffa0..0b737448f 100644 --- a/kubernetes/apps/default/truenas/app/certs-deploy/helmrelease.yaml 
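Review bot: The `ssh` persistence entry touched by the last hunk of `truenas/backup/helmrelease.yaml` mounts the secret with `defaultMode: 0775` at `/opt/id_rsa`, which leaves what looks like an SSH private key readable and executable by every user in the container. `defaultMode: 0400` is the usual choice for key material, provided the job runs as the file's owner, and it also avoids OpenSSH refusing the key for loose permissions if the script uses it in place. The same block appears in `truenas/certs-deploy/helmrelease.yaml` (hunk `@@ -79,7 +79,7 @@`). The mount's `subPath` and the scripts that consume the key are outside these hunks, so the mode they actually need should be checked there.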
+++ b/kubernetes/apps/default/homelab/truenas/certs-deploy/helmrelease.yaml @@ -3,7 +3,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: - name: truenas-certs-deploy + name: homelab-truenas-certs-deploy namespace: default spec: interval: 30m @@ -45,7 +45,7 @@ spec: CERTS_DEPLOY_S3_ENABLED: "True" envFrom: &envFrom - secretRef: - name: truenas-secret + name: &secret homelab-truenas-secret truenas-remote-certs-deploy: image: repository: ghcr.io/auricom/kubectl @@ -63,7 +63,7 @@ spec: config: enabled: true type: configMap - name: truenas-certs-deploy-configmap + name: homelab-truenas-certs-deploy-configmap defaultMode: 0775 globalMounts: - path: /app/truenas-certs-deploy.sh @@ -71,7 +71,7 @@ spec: readOnly: true config-python: type: configMap - name: truenas-certs-deploy-configmap + name: homelab-truenas-certs-deploy-configmap defaultMode: 0775 globalMounts: - path: /app/truenas-certs-deploy.py @@ -79,7 +79,7 @@ spec: readOnly: true ssh: type: secret - name: truenas-secret + name: *secret defaultMode: 0775 globalMounts: - path: /opt/id_rsa diff --git a/kubernetes/apps/default/truenas/app/certs-deploy/kustomization.yaml b/kubernetes/apps/default/homelab/truenas/certs-deploy/kustomization.yaml similarity index 90% rename from kubernetes/apps/default/truenas/app/certs-deploy/kustomization.yaml rename to kubernetes/apps/default/homelab/truenas/certs-deploy/kustomization.yaml index d3dc32f8a..ccbe1bbb8 100644 --- a/kubernetes/apps/default/truenas/app/certs-deploy/kustomization.yaml +++ b/kubernetes/apps/default/homelab/truenas/certs-deploy/kustomization.yaml @@ -6,7 +6,7 @@ namespace: default resources: - ./helmrelease.yaml configMapGenerator: - - name: truenas-certs-deploy-configmap + - name: homelab-truenas-certs-deploy-configmap files: - ./truenas-certs-deploy.sh - ./truenas-certs-deploy.py 
diff --git a/kubernetes/apps/default/truenas/app/certs-deploy/truenas-certs-deploy.py b/kubernetes/apps/default/homelab/truenas/certs-deploy/truenas-certs-deploy.py similarity index 100% rename from kubernetes/apps/default/truenas/app/certs-deploy/truenas-certs-deploy.py rename to kubernetes/apps/default/homelab/truenas/certs-deploy/truenas-certs-deploy.py diff --git a/kubernetes/apps/default/truenas/app/certs-deploy/truenas-certs-deploy.sh b/kubernetes/apps/default/homelab/truenas/certs-deploy/truenas-certs-deploy.sh similarity index 100% rename from kubernetes/apps/default/truenas/app/certs-deploy/truenas-certs-deploy.sh rename to kubernetes/apps/default/homelab/truenas/certs-deploy/truenas-certs-deploy.sh diff --git a/kubernetes/apps/default/truenas/app/externalsecret.yaml b/kubernetes/apps/default/homelab/truenas/externalsecret.yaml similarity index 90% rename from kubernetes/apps/default/truenas/app/externalsecret.yaml rename to kubernetes/apps/default/homelab/truenas/externalsecret.yaml index c7da46ea0..836eab191 100644 --- a/kubernetes/apps/default/truenas/app/externalsecret.yaml +++ b/kubernetes/apps/default/homelab/truenas/externalsecret.yaml @@ -3,14 +3,14 @@ apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: - name: truenas + name: homelab-truenas namespace: default spec: secretStoreRef: kind: ClusterSecretStore name: onepassword-connect target: - name: truenas-secret + name: homelab-truenas-secret creationPolicy: Owner template: data: @@ -24,13 +24,12 @@ spec: TRUENAS_REMOTE_API_KEY: "{{ .TRUENAS_REMOTE_API_KEY }}" SECRET_DOMAIN: "{{ .SECRET_DOMAIN }}" SECRET_PUBLIC_DOMAIN: "{{ .SECRET_PUBLIC_DOMAIN }}" - SOPS_AGE_KEY: "{{ .SOPS_AGE_KEY }}" dataFrom: - extract: key: generic + - extract: + key: homelab-truenas - extract: key: pushover - extract: key: sops - - extract: - key: truenas 
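Review bot: With `SOPS_AGE_KEY` dropped from `template.data` in the second hunk of `truenas/externalsecret.yaml`, the `- extract:` entry for `key: sops` that stays under `dataFrom` may no longer feed any templated key, yet the age private key is still pulled for this ExternalSecret on every refresh. If no remaining template entry uses a field from the `sops` item, remove that extract so the TrueNAS jobs' secret no longer touches the SOPS key at all. The upper part of `template.data` is outside the hunk, so this needs checking against the full file.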
diff --git a/kubernetes/apps/default/truenas/app/kustomization.yaml b/kubernetes/apps/default/homelab/truenas/kustomization.yaml similarity index 93% rename from kubernetes/apps/default/truenas/app/kustomization.yaml rename to kubernetes/apps/default/homelab/truenas/kustomization.yaml index 2c9ba5a21..179bbd8cf 100644 --- a/kubernetes/apps/default/truenas/app/kustomization.yaml +++ b/kubernetes/apps/default/homelab/truenas/kustomization.yaml @@ -7,4 +7,3 @@ resources: - ./backup - ./certs-deploy - ./externalsecret.yaml - - ./minio-rclone diff --git a/kubernetes/apps/default/truenas/readme.md b/kubernetes/apps/default/homelab/truenas/readme.md similarity index 100% rename from kubernetes/apps/default/truenas/readme.md rename to kubernetes/apps/default/homelab/truenas/readme.md diff --git a/kubernetes/apps/default/kustomization.yaml b/kubernetes/apps/default/kustomization.yaml index 50bfc3d11..22de50e91 100644 --- a/kubernetes/apps/default/kustomization.yaml +++ b/kubernetes/apps/default/kustomization.yaml @@ -20,6 +20,7 @@ resources: - ./hajimari/ks.yaml - ./home-assistant/ks.yaml - ./homebox/ks.yaml + - ./homelab/ks.yaml - ./immich/ks.yaml - ./invidious/ks.yaml - ./jellyfin/ks.yaml @@ -38,7 +39,6 @@ resources: - ./media-browser/ks.yaml - ./music-transcode/ks.yaml - ./navidrome/ks.yaml - - ./opnsense/ks.yaml - ./outline/ks.yaml - ./paperless/ks.yaml - ./pgadmin/ks.yaml @@ -54,7 +54,6 @@ resources: - ./sonarr/ks.yaml - ./smtp-relay/ks.yaml - ./tandoor/ks.yaml - - ./truenas/ks.yaml - ./unifi/ks.yaml - ./vaultwarden/ks.yaml - ./vikunja/ks.yaml diff --git a/kubernetes/apps/default/opnsense/ks.yaml b/kubernetes/apps/default/opnsense/ks.yaml deleted file mode 100644 index 50c1d314b..000000000 --- a/kubernetes/apps/default/opnsense/ks.yaml +++ /dev/null 
@@ -1,20 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: cluster-apps-opnsense
- namespace: flux-system
- labels:
- substitution.flux.home.arpa/enabled: "true"
-spec:
- path: ./kubernetes/apps/default/opnsense/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-ops-kubernetes
- dependsOn:
- - name: cluster-apps-external-secrets-stores
- interval: 30m
- retryInterval: 1m
- timeout: 3m
diff --git a/kubernetes/apps/default/truenas/app/minio-rclone/minio-rclone.sh b/kubernetes/apps/default/truenas/app/minio-rclone/minio-rclone.sh
deleted file mode 100755
index 888b1ae86..000000000
--- a/kubernetes/apps/default/truenas/app/minio-rclone/minio-rclone.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/usr/bin/env bash
-
-set -o nounset
-set -o errexit
-
-
-
-echo "Download rclone config file ..."
-curl -fsSL \
- --output "/tmp/rclone.conf.age" \
- "https://raw.githubusercontent.com/auricom/dotfiles/main/private_dot_config/rclone/encrypted_private_rclone.conf.age"
-
-echo "Decrypt rclone config file ..."
-age --decrypt \
- -i /app/age_key \
- /tmp/rclone.conf.age > /tmp/rclone.conf
-
-
-echo "Sync minio buckets with encrypted remote gdrive-homelab-backups ..."
-rclone --config /tmp/rclone.conf sync minio: gdrive-homelab-backups:
diff --git a/kubernetes/apps/default/truenas/ks.yaml b/kubernetes/apps/default/truenas/ks.yaml
deleted file mode 100644
index d8b9246b0..000000000
--- a/kubernetes/apps/default/truenas/ks.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: cluster-apps-truenas
- namespace: flux-system
- labels:
- substitution.flux.home.arpa/enabled: "true"
-spec:
- path: ./kubernetes/apps/default/truenas
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-ops-kubernetes
- interval: 30m
- retryInterval: 1m
- timeout: 3m