✨ new talos cluster

kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/helm-release.yaml

@@ -0,0 +1,75 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: &app zigbee2mqtt
+  namespace: default
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: app-template
+      version: 1.0.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  install:
+    createNamespace: true
+    remediation:
+      retries: 5
+  upgrade:
+    remediation:
+      retries: 5
+  dependsOn:
+    - name: node-feature-discovery
+      namespace: default
+    - name: emqx
+      namespace: default
+  values:
+    fullnameOverride: *app
+    image:
+      repository: koenkk/zigbee2mqtt
+      tag: 1.28.2
+    env:
+      TZ: "${TIMEZONE}"
+      ZIGBEE2MQTT_DATA: /data
+    service:
+      main:
+        ports:
+          http:
+            port: &port 8080
+    ingress:
+      main:
+        enabled: true
+        ingressClassName: "nginx"
+        annotations:
+          auth.home.arpa/enabled: "true"
+        hosts:
+          - host: &host "zigbee.${SECRET_CLUSTER_DOMAIN}"
+            paths:
+              - path: /
+                pathType: Prefix
+        tls:
+          - hosts:
+              - *host
+    securityContext:
+      privileged: true
+    persistence:
+      config:
+        enabled: true
+        existingClaim: zigbee2mqtt-config
+        mountPath: "/data"
+      usb:
+        enabled: true
+        type: hostPath
+        hostPath: /dev/serial/by-id/usb-1a86_USB_Serial-if00-port0
+        hostPathType: CharDevice
+    nodeSelector:
+      feature.node.kubernetes.io/custom-zigbee: "true"
+    resources:
+      requests:
+        memory: 100Mi
+        cpu: 100m
+      limits:
+        memory: 700Mi

kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/kustomization.yaml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - helm-release.yaml
+  - volume.yaml
+  - prometheus-rule.yaml
+patchesStrategicMerge:
+  - patches/env.yaml
+  - patches/exporter.yaml

kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/patches/env.yaml

@@ -0,0 +1,49 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: zigbee2mqtt
+  namespace: default
+spec:
+  values:
+    env:
+      TZ: "${TIMEZONE}"
+      ZIGBEE2MQTT_DATA: /data
+      ZIGBEE2MQTT_CONFIG_ADVANCED_HOMEASSISTANT_DISCOVERY_TOPIC: homeassistant
+      ZIGBEE2MQTT_CONFIG_ADVANCED_HOMEASSISTANT_LEGACY_ENTITY_ATTRIBUTES: "true"
+      ZIGBEE2MQTT_CONFIG_ADVANCED_HOMEASSISTANT_LEGACY_TRIGGERS: "true"
+      ZIGBEE2MQTT_CONFIG_ADVANCED_HOMEASSISTANT_STATUS_TOPIC: homeassistant/status
+      ZIGBEE2MQTT_CONFIG_ADVANCED_LAST_SEEN: ISO_8601
+      ZIGBEE2MQTT_CONFIG_ADVANCED_LEGACY_API: "false"
+      ZIGBEE2MQTT_CONFIG_ADVANCED_LEGACY_AVAILABILITY_PAYLOAD: "false"
+      ZIGBEE2MQTT_CONFIG_ADVANCED_LOG_LEVEL: warn
+      ZIGBEE2MQTT_CONFIG_ADVANCED_LOG_OUTPUT: '["console"]'
+      ZIGBEE2MQTT_CONFIG_ADVANCED_NETWORK_KEY: "[204, 61, 75, 23, 44, 230, 24, 203, 53, 5, 248, 32, 50, 84, 44, 159]"
+      ZIGBEE2MQTT_CONFIG_AVAILABILITY_ACTIVE_TIMEOUT: 60
+      ZIGBEE2MQTT_CONFIG_AVAILABILITY_PASSIVE_TIMEOUT: 2000
+      ZIGBEE2MQTT_CONFIG_DEVICE_OPTIONS_LEGACY: "false"
+      ZIGBEE2MQTT_CONFIG_DEVICE_OPTIONS_RETAIN: "true"
+      ZIGBEE2MQTT_CONFIG_EXPERIMENTAL_NEW_API: "true"
+      ZIGBEE2MQTT_CONFIG_FRONTEND_PORT: 8080
+      ZIGBEE2MQTT_CONFIG_FRONTEND_URL: "https://zigbee.${SECRET_CLUSTER_DOMAIN}"
+      ZIGBEE2MQTT_CONFIG_HOMEASSISTANT: "true"
+      ZIGBEE2MQTT_CONFIG_MQTT_INCLUDE_DEVICE_INFORMATION: "true"
+      ZIGBEE2MQTT_CONFIG_MQTT_KEEPALIVE: 60
+      ZIGBEE2MQTT_CONFIG_MQTT_REJECT_UNAUTHORIZED: "true"
+      ZIGBEE2MQTT_CONFIG_MQTT_SERVER: "mqtt://emqx.default.svc.cluster.local."
+      ZIGBEE2MQTT_CONFIG_MQTT_VERSION: 5
+      ZIGBEE2MQTT_CONFIG_MQTT_USER:
+        valueFrom:
+          secretKeyRef:
+            name: emqx-config
+            key: user_1_username
+      ZIGBEE2MQTT_CONFIG_MQTT_PASSWORD:
+        valueFrom:
+          secretKeyRef:
+            name: emqx-config
+            key: user_1_password
+      ZIGBEE2MQTT_CONFIG_PERMIT_JOIN: "false"
+      ZIGBEE2MQTT_CONFIG_SERIAL_PORT: /dev/serial/by-id/usb-1a86_USB_Serial-if00-port0
+
+      # ZIGBEE2MQTT_CONFIG_DEVICES: devices.yaml
+      # ZIGBEE2MQTT_CONFIG_GROUPS: groups.yaml

kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/patches/exporter.yaml

@@ -0,0 +1,39 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: &app zigbee2mqtt
+  namespace: default
+spec:
+  values:
+    additionalContainers:
+      exporter:
+        name: exporter
+        image: docker.io/kpetrem/mqtt-exporter:latest@sha256:c70814150116a96e09292d08571a9e04f7df0048f152f7af2f167c09ad4ac95f
+        env:
+          - name: LOG_LEVEL
+            value: DEBUG
+          - name: LOG_MQTT_MESSAGE
+            value: "True"
+          - name: MQTT_ADDRESS
+            value: emqx.default.svc.cluster.local
+          - name: MQTT_TOPIC
+            value: "zigbee2mqtt/#"
+          - name: MQTT_V5_PROTOCOL
+            value: "True"
+          - name: MQTT_USERNAME
+            valueFrom:
+              secretKeyRef:
+                name: emqx-config
+                key: user_1_username
+          - name: MQTT_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: emqx-config
+                key: user_1_password
+          - name: PROMETHEUS_PORT
+            value: &port 80
+          - name: PROMETHEUS_PREFIX
+            value: zigbee2mqtt_
+          - name: ZIGBEE2MQTT_AVAILABILITY
+            value: "True"

kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/prometheus-rule.yaml

@@ -0,0 +1,33 @@
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  name: zigbee2mqtt-exporter
+  namespace: default
+spec:
+  groups:
+    - name: zigbee2mqtt-exporter.rules
+      rules:
+        - alert: Zigbee2MqttExporterAbsent
+          annotations:
+            summary: Zigbee2Mqtt Exporter has disappeared from Prometheus target discovery.
+          expr: absent(up{job=~".*mqtt-exporter.*"} == 1)
+          for: 15m
+          labels:
+            severity: critical
+        - alert: Zigbee2MqttUnavailable
+          annotations:
+            summary: The zigbee device connection is lost,
+              connection on topic {{$labels.topic}} is down.
+          expr: zigbee2mqtt_zigbee_availability == 0
+          for: 60m
+          labels:
+            severity: critical
+        - alert: Zigbee2MqttBatteryLow
+          annotations:
+            summary: The zigbee device battery level is low,
+              battery level on topic {{$labels.topic}} is at {{$value}}%.
+          expr: zigbee2mqtt_battery < 10
+          for: 60m
+          labels:
+            severity: warning

kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/volume.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: zigbee2mqtt-config
+  namespace: default
+  labels:
+    app.kubernetes.io/name: &name zigbee2mqtt
+    app.kubernetes.io/instance: *name
+    snapshot.home.arpa/enabled: "true"
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: rook-ceph-block
+  resources:
+    requests:
+      storage: 1Gi