feat: migrate from emqx to mosquitto

2025-09-17 18:24:14 +02:00 · 2025-06-21 21:31:04 +02:00
parent 8411f0f0a2
commit 8b760eab07
179 changed files with 148 additions and 546 deletions
--- a/kubernetes/apps/flux-system/alerts/alertmanager/alert.yaml
+++ b/kubernetes/apps/flux-system/alerts/alertmanager/alert.yaml
@@ -1,30 +0,0 @@
---
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/notification.toolkit.fluxcd.io/alert_v1beta3.json
-apiVersion: notification.toolkit.fluxcd.io/v1beta3
-kind: Alert
-metadata:
-  name: alertmanager
-  namespace: flux-system
-spec:
-  providerRef:
-    name: alertmanager
-  eventSeverity: error
-  eventSources:
-    # - kind: FluxInstance
-    #   name: "*"
-    - kind: GitRepository
-      name: "*"
-    - kind: HelmRelease
-      name: "*"
-    - kind: HelmRepository
-      name: "*"
-    - kind: Kustomization
-      name: "*"
-    - kind: OCIRepository
-      name: "*"
-  exclusionList:
-    - "error.*lookup github\\.com"
-    - "error.*lookup raw\\.githubusercontent\\.com"
-    - "dial.*tcp.*timeout"
-    - "waiting.*socket"
-  suspend: false
--- a/kubernetes/apps/flux-system/alerts/alertmanager/kustomization.yaml
+++ b/kubernetes/apps/flux-system/alerts/alertmanager/kustomization.yaml
@@ -1,7 +0,0 @@
---
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - ./alert.yaml
-  - ./provider.yaml
--- a/kubernetes/apps/flux-system/alerts/alertmanager/provider.yaml
+++ b/kubernetes/apps/flux-system/alerts/alertmanager/provider.yaml
@@ -1,10 +0,0 @@
---
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/notification.toolkit.fluxcd.io/provider_v1beta3.json
-apiVersion: notification.toolkit.fluxcd.io/v1beta3
-kind: Provider
-metadata:
-  name: alertmanager
-  namespace: flux-system
-spec:
-  type: alertmanager
-  address: http://alertmanager-operated.observability.svc.cluster.local:9093/api/v2/alerts/
--- a/kubernetes/apps/flux-system/alerts/github-status/alert.yaml
+++ b/kubernetes/apps/flux-system/alerts/github-status/alert.yaml
@@ -1,13 +0,0 @@
---
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/notification.toolkit.fluxcd.io/alert_v1beta3.json
-apiVersion: notification.toolkit.fluxcd.io/v1beta3
-kind: Alert
-metadata:
-  name: github-status
-  namespace: flux-system
-spec:
-  providerRef:
-    name: github-status
-  eventSources:
-    - kind: Kustomization
-      name: "*"
--- a/kubernetes/apps/flux-system/alerts/github-status/externalsecret.yaml
+++ b/kubernetes/apps/flux-system/alerts/github-status/externalsecret.yaml
@@ -1,19 +0,0 @@
---
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: github-status-token
-  namespace: flux-system
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: onepassword-connect
-  target:
-    name: github-status-token-secret
-    template:
-      data:
-        token: "{{ .GITHUB_NOTIFICATION_TOKEN }}"
-  dataFrom:
-    - extract:
-        key: flux
--- a/kubernetes/apps/flux-system/alerts/github-status/kustomization.yaml
+++ b/kubernetes/apps/flux-system/alerts/github-status/kustomization.yaml
@@ -1,8 +0,0 @@
---
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - ./alert.yaml
-  - ./externalsecret.yaml
-  - ./provider.yaml
--- a/kubernetes/apps/flux-system/alerts/github-status/provider.yaml
+++ b/kubernetes/apps/flux-system/alerts/github-status/provider.yaml
@@ -1,12 +0,0 @@
---
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/notification.toolkit.fluxcd.io/provider_v1beta3.json
-apiVersion: notification.toolkit.fluxcd.io/v1beta3
-kind: Provider
-metadata:
-  name: github-status
-  namespace: flux-system
-spec:
-  type: github
-  address: https://github.com/auricom/home-ops
-  secretRef:
-    name: github-status-token-secret
--- a/kubernetes/apps/flux-system/alerts/kustomization.yaml
+++ b/kubernetes/apps/flux-system/alerts/kustomization.yaml
@@ -1,7 +0,0 @@
---
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - ./alertmanager
-  - ./github-status
--- a/kubernetes/apps/flux-system/cluster.yaml
+++ b/kubernetes/apps/flux-system/cluster.yaml
@@ -1,47 +0,0 @@
---
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/gitrepository_v1.json
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: GitRepository
-metadata:
-  name: home-ops-kubernetes
-  namespace: flux-system
-spec:
-  interval: 30m
-  # https://github.com/k8s-at-home/template-cluster-k3s/issues/324
-  url: ssh://git@github.com/auricom/home-ops
-  ref:
-    branch: main
-  secretRef:
-    name: github-deploy-key
-  ignore: |
-    # exclude all
-    /*
-    # include kubernetes directory
-    !/kubernetes
---
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: flux-cluster
-  namespace: flux-system
-spec:
-  interval: 30m
-  path: ./kubernetes/flux
-  prune: true
-  wait: false
-  sourceRef:
-    kind: GitRepository
-    name: home-ops-kubernetes
-  decryption:
-    provider: sops
-    secretRef:
-      name: sops-age
-  postBuild:
-    substituteFrom:
-      - kind: ConfigMap
-        name: cluster-settings
-        optional: false
-      - kind: Secret
-        name: cluster-secrets
-        optional: false
--- a/kubernetes/apps/flux-system/flux-instance/app/receiver.yaml
+++ b/kubernetes/apps/flux-system/flux-instance/app/receiver.yaml
@@ -12,7 +12,7 @@ spec:
  resources:
    - apiVersion: source.toolkit.fluxcd.io/v1
      kind: GitRepository
-      name: home-ops-kubernetes
+      name: flux-system
    - apiVersion: kustomize.toolkit.fluxcd.io/v1
      kind: Kustomization
      name: apps
--- a/kubernetes/apps/flux-system/flux-instance/ks.yaml
+++ b/kubernetes/apps/flux-system/flux-instance/ks.yaml
@@ -18,7 +18,7 @@ spec:
  retryInterval: 2m
  sourceRef:
    kind: GitRepository
-    name: home-ops-kubernetes
+    name: flux-system
    namespace: *namespace
  targetNamespace: *namespace
  timeout: 5m
--- a/kubernetes/apps/flux-system/flux-operator/ks.yaml
+++ b/kubernetes/apps/flux-system/flux-operator/ks.yaml
@@ -20,7 +20,7 @@ spec:
  retryInterval: 2m
  sourceRef:
    kind: GitRepository
-    name: home-ops-kubernetes
+    name: flux-system
    namespace: *namespace
  targetNamespace: *namespace
  timeout: 5m
--- a/kubernetes/apps/flux-system/kustomization.yaml
+++ b/kubernetes/apps/flux-system/kustomization.yaml
@@ -2,13 +2,9 @@
 # yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
+# components:
+#   - ../../components/common
 resources:
-  # Pre Flux-Kustomizations
-  - ./namespace.yaml
-  # Standard Resources
-  - ./alerts
-  - ./cluster.yaml
  - ./flux-instance/ks.yaml
  - ./flux-operator/ks.yaml
  - ./repositories
-  - ./vars
--- a/kubernetes/apps/flux-system/namespace.yaml
+++ b/kubernetes/apps/flux-system/namespace.yaml
@@ -1,45 +0,0 @@
---
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: flux-system
-  labels:
-    kustomize.toolkit.fluxcd.io/prune: disabled
---
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/notification.toolkit.fluxcd.io/provider_v1beta3.json
-apiVersion: notification.toolkit.fluxcd.io/v1beta3
-kind: Provider
-metadata:
-  name: alert-manager
-  namespace: flux-system
-spec:
-  type: alertmanager
-  address: http://kube-prometheus-stack-alertmanager.observability:9093/api/v2/alerts/
---
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/notification.toolkit.fluxcd.io/alert_v1beta3.json
-apiVersion: notification.toolkit.fluxcd.io/v1beta3
-kind: Alert
-metadata:
-  name: alert-manager
-  namespace: flux-system
-spec:
-  providerRef:
-    name: alert-manager
-  eventSeverity: error
-  eventSources:
-    - kind: GitRepository
-      name: "*"
-    - kind: HelmRelease
-      name: "*"
-    - kind: HelmRepository
-      name: "*"
-    - kind: Kustomization
-      name: "*"
-    - kind: OCIRepository
-      name: "*"
-  exclusionList:
-    - "error.*lookup github\\.com"
-    - "error.*lookup raw\\.githubusercontent\\.com"
-    - "dial.*tcp.*timeout"
-    - "waiting.*socket"
-  suspend: false
--- a/kubernetes/apps/flux-system/repositories/helm/cert-manager-webhook-ovh.yaml
+++ b/kubernetes/apps/flux-system/repositories/helm/cert-manager-webhook-ovh.yaml
@@ -1,10 +0,0 @@
---
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: cert-manager-webhook-ovh
-  namespace: flux-system
-spec:
-  interval: 2h
-  url: https://aureq.github.io/cert-manager-webhook-ovh/
--- a/kubernetes/apps/flux-system/repositories/helm/emxq.yaml
+++ b/kubernetes/apps/flux-system/repositories/helm/emxq.yaml
@@ -1,11 +0,0 @@
---
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: emqx
-  namespace: flux-system
-spec:
-  interval: 2h
-  url: https://repos.emqx.io/charts
-  timeout: 3m
--- a/kubernetes/apps/flux-system/repositories/helm/kustomization.yaml
+++ b/kubernetes/apps/flux-system/repositories/helm/kustomization.yaml
@@ -3,8 +3,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ./cert-manager-webhook-ovh.yaml
-  - ./emxq.yaml
  - ./external-dns.yaml
  - ./external-secrets.yaml
  - ./grafana.yaml
--- a/kubernetes/apps/flux-system/repositories/kustomization.yaml
+++ b/kubernetes/apps/flux-system/repositories/kustomization.yaml
@@ -4,4 +4,3 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - ./helm
-  - ./oci
--- a/kubernetes/apps/flux-system/repositories/oci/app-template.yaml
+++ b/kubernetes/apps/flux-system/repositories/oci/app-template.yaml
@@ -1,17 +0,0 @@
---
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/ocirepository_v1beta2.json
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: OCIRepository
-metadata:
-  name: app-template
-  namespace: flux-system
-spec:
-  interval: 1h
-  layerSelector:
-    mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
-    operation: copy
-  ref:
-    tag: 3.7.3
-  url: oci://ghcr.io/bjw-s/helm/app-template
-  verify:
-    provider: cosign
--- a/kubernetes/apps/flux-system/repositories/oci/kustomization.yaml
+++ b/kubernetes/apps/flux-system/repositories/oci/kustomization.yaml
@@ -1,6 +0,0 @@
---
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - ./app-template.yaml
--- a/kubernetes/apps/flux-system/vars/cluster-secrets.sops.yaml
+++ b/kubernetes/apps/flux-system/vars/cluster-secrets.sops.yaml
@@ -1,36 +0,0 @@
-# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.26.1-standalone-strict/secret-v1.json
-apiVersion: v1
-kind: Secret
-metadata:
-    name: cluster-secrets
-    namespace: flux-system
-stringData:
-    SECRET_CLUSTER_CERTIFICATE_DEFAULT: ENC[AES256_GCM,data:8HotHVJva77fd9S+j2BB,iv:fqCDD0NuK9ySCsGGT3G4QsfViM2L9oPp9ZLgwXf0tLI=,tag:rX1quD8RTjvzV75fmwmC6w==,type:str]
-    SECRET_CLUSTER_DOMAIN_EMAIL: ENC[AES256_GCM,data:j1yBajAlXKQeDuvbV2IyJp8IT3wA,iv:pxPgYZEZ6pvcr6trM1gkL5MZORewARaiVfwRTyWxny0=,tag:y31EGp46NgF/Pf3hQ2Iavw==,type:str]
-    SECRET_CLOUDFLARE_TUNNEL_ID: ENC[AES256_GCM,data:nS0cVHEiuEk1w43AjcWNjGVecEr8RZr4iXsMCO9152bn2wWc,iv:jDz8AP6eCF5+CASt3ogR8vzAO5VkbZQ3pY2+AFmz15U=,tag:DVKZ3xSZLrW9pQIx0HJRCQ==,type:str]
-    SECRET_DOMAIN: ENC[AES256_GCM,data:UtdBDs6+azVHO7Y=,iv:ZnWrBW+vW6HiMs1PbgY2LjcwUwuUh1HxYjqvOXvCrDk=,tag:r6uDIJhVoTIcizIfRW+lHw==,type:str]
-    SECRET_EXTERNAL_DOMAIN: ENC[AES256_GCM,data:Brd9H7gizPxew+4=,iv:YaIxv9TFF0mAks9gJXwXA1N7b8k5mcSJ6hs9lpaUV/M=,tag:8xdRoWun3IUVywagpsrsBw==,type:str]
-    SECRET_INTERNAL_DOMAIN: ENC[AES256_GCM,data:WLuQAi9JsUsD5Q==,iv:Zc+5/rQONxepZFVC/ia01aBdlVyG99thOeIipeAVS3E=,tag:FwwjDKoUMfZ/taFPRRThOQ==,type:str]
-    SECRET_CROWDSEC_NGINX_BOUNCER_API_KEY: ENC[AES256_GCM,data:ecukkFOK40WWIxJ48sXrxJUBaHx2BnzqxkIT+cXYZg4=,iv:y6AfslVPufBfrIL3GQqTw0cDAan64mB9J7RY9OzKQqw=,tag:+V4Rgz26wey2UtA32S0PJQ==,type:str]
-    SECRET_KOMF_MAL_CLIENT_ID: ENC[AES256_GCM,data:HuKHFrICgCj6nbcbix8u7qGeggFmmKht7Elk9dINZtE=,iv:c3mqFdFkIO9dctZ3ooPh4ajOZaY0ZudEeNWbG+lryPI=,tag:jWG2+pgkAf/XUgJyUvdrNg==,type:str]
-    SECRET_KUBE_PROMETHEUS_STACK_ALERTMANAGER_PUSHOVER_USER_KEY: ENC[AES256_GCM,data:X1J9WLT26soYzlDb8+YtPotGw8p0lJKMuNkn69WX,iv:mW2cJOq5gfzSE+U24IuvPVL+dL2nZcTFpPAkG77Ohus=,tag:kxokidtuE5RAGJlj4Q4P2A==,type:str]
-    SECRET_KUBE_PROMETHEUS_STACK_ALERTMANAGER_PUSHOVER_TOKEN: ENC[AES256_GCM,data:Bwvuy/jHIRduy/r1A8dOs0OE8ewdjCgs8g/br1oW,iv:PdnPH9I509MT6UJkUG1zLAGn9aV4AVrROgAVCD4a3Y0=,tag:59kBGx9qx3jeauokyoolQQ==,type:str]
-    SECRET_KUBE_PROMETHEUS_STACK_GRAFANA_ADMIN_PASSWORD: ENC[AES256_GCM,data:L7LS6+tuwPCyb5HN4zg=,iv:JM2KTtDN/VrKicjp5qwqusWiJKHRZnfTtsZE2hkLq6Q=,tag:XGF3L5P6JxVBrlGuKosdZA==,type:str]
-    SECRET_RADARR_API_KEY: ENC[AES256_GCM,data:pLp3xExMkgqQ87YdODBPyLBOiIciVbL5PmwD2NpPiRM=,iv:8x4o3WDvYjAH/3Nv6wEwnjkznThVUI9lmg8HGaFV73o=,tag:tAvDHVYR04YMV1/MapmUew==,type:str]
-    SECRET_SONARR_API_KEY: ENC[AES256_GCM,data:a7EUykMkWEhRylmGKddQRDABZlhXxthjOAptUCMGCPY=,iv:0spVY/WIkFjaUYAcEdWhFSvjVgVwgfb9KH9sC9LB2Xs=,tag:3RkYLAAsf7XBLaTVq5Vm4Q==,type:str]
-type: Opaque
-sops:
-    age:
-        - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGVkZXb3RYbEZ5eTVSbmFE
-            R1QxMmw0ZzkvT0NIa01URTAvQ0xWa2tZKzNvCnl0UDQ1MGV6dEtuVEd2S0NhcThS
-            MGZ1VWNXMmxHSi90eFBGbXE2V0hwamcKLS0tIEp3a2ZTeTNyaXBhSW5nSU0yN1hu
-            WG82VkdBMlNnRzBySFQzMk41cEtXSlEKBqOmq9UpO61C85+pj0ibdT31y4pmFsbm
-            pTi4N0vv81kcf4ilqBU5h1gudNCb42Q2iL0eGNR4e3JzH4iaNsvnEg==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-05-26T15:40:29Z"
-    mac: ENC[AES256_GCM,data:OjhHJ7yQ9xmo2UO5MQWE77EozH8MJCOj03cmZVByBcgAlJNv+S6Zi+8woIg+HDyIAhjH95ruVPuGBbaMxVLfTVONMYfoMewyTHCXmInHRpe6yAkn2Iy2T/6aWUMUi6Lq8l8GJ7XZSgDcVIdbsPd4EW3FUX4U94FXcu+VXbuSYLo=,iv:MO/55Y3W9LZlj02AcXYo7SnokKqcIFHH9Zg3zpkj074=,tag:TY8Q8giPe6SX7aGkizxQqQ==,type:str]
-    encrypted_regex: ^(data|stringData)$
-    version: 3.10.2
--- a/kubernetes/apps/flux-system/vars/cluster-settings.yaml
+++ b/kubernetes/apps/flux-system/vars/cluster-settings.yaml
@@ -1,37 +0,0 @@
---
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  namespace: flux-system
-  name: cluster-settings
-data:
-  CILIUM_BGP_SVC_RANGE: 192.168.169.0/24
-  CILIUM_POD_CIDR: 10.69.0.0/16
-  CLUSTER_LB_K8SGATEWAY: 192.168.169.100
-  CLUSTER_LB_SMTP_RELAY: 192.168.169.102
-  CLUSTER_LB_UNIFI: 192.168.169.103
-  CLUSTER_LB_GITEA: 192.168.169.104
-  CLUSTER_LB_QBITTORRENT: 192.168.169.105
-  CLUSTER_LB_RESILIOSYNC_CLAUDE: 192.168.169.106
-  CLUSTER_LB_HASS: 192.168.169.107
-  CLUSTER_LB_VECTOR: 192.168.169.108
-  CLUSTER_LB_EMQX: 192.168.169.109
-  CLUSTER_LB_JELLYFIN: 192.168.169.110
-  CLUSTER_LB_RESILIOSYNC_HELENE: 192.168.169.111
-  CLUSTER_LB_MAILRISE: 192.168.169.112
-  CLUSTER_LB_REDIS: 192.168.169.113
-  CLUSTER_LB_FRIGATE: 192.168.169.114
-  CLUSTER_LB_CILIUM: 192.168.169.115
-  CLUSTER_LB_LMS: 192.168.169.116
-  CLUSTER_LB_TDARR: 192.168.169.117
-  CLUSTER_LB_POSTGRES: 192.168.169.118
-  CLUSTER_LB_NGINX_INTERNAL: 192.168.169.119
-  CLUSTER_LB_NGINX_EXTERNAL: 192.168.169.120
-  CLUSTER_LB_ENVOY_INTERNAL: 192.168.169.121
-  CLUSTER_LB_ENVOY_EXTERNAL: 192.168.169.122
-  CLUSTER_LB_MOQUITTO: 192.168.169.123
-  LOCAL_LAN: 192.168.8.0/22
-  LOCAL_LAN_OPNSENSE: 192.168.8.1
-  LOCAL_LAN_TRUENAS: 192.168.9.10
-  LOCAL_LAN_TRUENAS_REMOTE: 10.10.0.2
-  TIMEZONE: Europe/Paris
--- a/kubernetes/apps/flux-system/vars/kustomization.yaml
+++ b/kubernetes/apps/flux-system/vars/kustomization.yaml
@@ -1,7 +0,0 @@
---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - ./cluster-secrets.sops.yaml
-  - ./cluster-settings.yaml