diff --git a/.vscode/extensions.json b/.vscode/extensions.json
new file mode 100644
index 000000000..45b37b70d
--- /dev/null
+++ b/.vscode/extensions.json
@@ -0,0 +1,5 @@
+{
+ "recommendations": [
+ "zamerick.vscode-caddyfile-syntax"
+ ]
+}
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 000000000..6e97632b6
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,5 @@
+{
+ "yaml.schemas": {
+ "https://raw.githubusercontent.com/ansible/ansible-lint/main/src/ansiblelint/schemas/ansible.json#/$defs/tasks": "file:///var/home/claude/repositories/auricom/home-ops/ansible/roles/storage/tasks/quadlets/traefik.yml"
+ }
+}
diff --git a/ansible/inventory/host_vars/storage.sops.yaml b/ansible/inventory/host_vars/storage.sops.yaml
new file mode 100644
index 000000000..fd1cfbefb
--- /dev/null
+++ b/ansible/inventory/host_vars/storage.sops.yaml
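Review bot: The `yaml.schemas` value added in `.vscode/settings.json` is an absolute `file:///var/home/claude/repositories/...` URI, which commits one workstation's user name and directory layout to the repository and will not match the file in any other checkout. A workspace-relative pattern does the same job without the local path, for example `"ansible/roles/storage/tasks/quadlets/traefik.yml"`. The schema key also follows the `main` branch of ansible-lint, so the validation rules can change without a commit here; pinning the URL to a release tag would make such changes visible in review.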
@@ -0,0 +1,29 @@ +kind: Secret +ansible_password: ENC[AES256_GCM,data:QKiW/9ARHg==,iv:UEAQglzSMYkWDoBvrdtEf3RE6FlBX8y0QZwqZWv6fdY=,tag:9N5onkoUBAAZsHp1bDKoCg==,type:str] +ansible_become_pass: ENC[AES256_GCM,data:xF8pLJRXLQ==,iv:cv0e1CoAoOoSlI1D7yxl1BSKaSuttyCkBg9+63ohvxM=,tag:GYu39reCXDM6Uu2j7FVybA==,type:str] +minio_root_user: ENC[AES256_GCM,data:DdNuALL99AnFr272Gs0noQ==,iv:Fx9XZQblytbMFOFMC2ay/l+eFR26ufNcLJfIEbPuSDg=,tag:00llM76qqqCNzp3XxDqwOg==,type:str] +minio_root_password: ENC[AES256_GCM,data:MQK+WFFstwnPVBJve4Y/Ag==,iv:et4mljyjUUE54glfK5JLBwXquZMBOiU54yXj3VCtExc=,tag:lknG5JeBqyJs1zd461tTzw==,type:str] +ovh_endpoint: ENC[AES256_GCM,data:bKy/sMlw,iv:o6lc/f/S5QOkDHF8iLJinOV93joLGP9YHINDc/AuivE=,tag:4mB81IJthXJf2V4Qv591pA==,type:str] +ovh_application_key: ENC[AES256_GCM,data:XUZMwWrwSDUk+VyQXHyhdA==,iv:0PAKRsCiTeIy4d6S8aF3T3pp/GPNXWCMCKBGo6t+aQQ=,tag:UWlkrvXZS1vP1GUSMs3hGw==,type:str] +ovh_application_secret: ENC[AES256_GCM,data:debtTD7GbiLrFwMtFkh7UHBbxMtcjIUXnWVgLy76Vi4=,iv:tNwTr+0P/r9/FSjVlCuVXYFpOyZJWvvsVwUr4FNIVRs=,tag:eeju5p9AywRLkJuXNuyHhA==,type:str] +ovh_consumer_key: ENC[AES256_GCM,data:mfA7cEa5aHowmUEpUZn6N3ylb2bjdj2ejwgZDLjrnNM=,iv:aYDHOqeoa5Q4SBQj3upBfW9u0hVOqM7IGBObkt1Ap0c=,tag:1yVumvVlvI77PrOiX1pgYQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtVllLOFcwWXVoNXZobFF1 + VGJmczlkL1V3blhvcnFzN2V6S1B1Ui81alRNClVEUWFmSWxKbENBRVZJN01PSWM5 + d2M3OHFhOGpadEdrWUIxZGpMNTR2aVkKLS0tIE84ZkxzTlBpZVlqR2xQRmM0V0ZR + aG5zWW1XclBOS2cxMkwzZ3c1R1psNGsKzeSHHV7AYXCUNiiXJlBRFVWMZtfK3naj + VRtF22+DYfjumQuwam2ZzhdLQ//1ciHnkJc58dKeTbYUHzC+fWpaZQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-05-10T19:19:48Z" + mac: 
ENC[AES256_GCM,data:zZMPejKZawGE/ejtG5Kue8efIKY8pRH0v/cO4pfH1M6zHpAg2eaDG1wWPC2O7xbEfkUstGu8YFNVPO+tOYWR5oGBEbeJVm/ZieolHOWYcCasBDgnUX3UnPXibvevbm7xxC9o8mdRH9rENzQo4NZEv1/y9sCXLtQvtsfVswmywKA=,iv:JezVNspVQP3wLfneM1L1U+QDom88l01Q+lwFJNJmco8=,tag:IRc1hvPvsfvvXb51PKx4cg==,type:str] + pgp: [] + unencrypted_regex: ^(kind)$ + version: 3.8.1 diff --git a/ansible/playbooks/storage.yml b/ansible/playbooks/storage.yml new file mode 100644 index 000000000..fe7f4a931 --- /dev/null +++ b/ansible/playbooks/storage.yml @@ -0,0 +1,7 @@ +--- +- hosts: storage + become: false + gather_facts: true + any_errors_fatal: true + roles: + - role: storage diff --git a/kubernetes/apps/default/hajimari/app/helmrelease.yaml b/kubernetes/apps/default/hajimari/app/helmrelease.yaml index e5c12f2b5..a3f8f1529 100644 --- a/kubernetes/apps/default/hajimari/app/helmrelease.yaml +++ b/kubernetes/apps/default/hajimari/app/helmrelease.yaml @@ -59,9 +59,6 @@ spec: - name: opnsense icon: mdi:router-network url: "https://opnsense.${SECRET_DOMAIN}" - - name: truenas - icon: mdi:nas - url: "https://truenas.${SECRET_DOMAIN}" - name: truenas-remote icon: mdi:nas url: "https://truenas-remote.${SECRET_DOMAIN}" diff --git a/kubernetes/apps/default/homelab/ks.yaml b/kubernetes/apps/default/homelab/ks.yaml index 8d93f72b0..629bbeeba 100644 --- a/kubernetes/apps/default/homelab/ks.yaml +++ b/kubernetes/apps/default/homelab/ks.yaml @@ -24,9 +24,6 @@ spec: postBuild: substitute: APP: *app - GATUS_SUBDOMAIN: minio - GATUS_DOMAIN: ${SECRET_DOMAIN} - GATUS_PATH: :9001 --- # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 @@ -79,5 +76,3 @@ spec: postBuild: substitute: APP: *app - GATUS_SUBDOMAIN: truenas - GATUS_DOMAIN: ${SECRET_DOMAIN} diff --git a/kubernetes/apps/default/homelab/minio/kustomization.yaml b/kubernetes/apps/default/homelab/minio/kustomization.yaml index 924ba3904..96d93b3f1 100644 
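Review bot: In `ansible/inventory/host_vars/storage.sops.yaml` the `data:` fields of `ansible_password` and `ansible_become_pass` are only a few bytes long, and since SOPS encrypts each value separately with AES-GCM the ciphertext length matches the plaintext length, so the committed file shows that both passwords are short. Prefer key-based SSH for the `storage` host so `ansible_password` can be dropped, and rotate the become password to a long random value. The `sops.age` list also carries a single recipient; if that is deliberate, it is worth recording where that key is backed up, because losing it makes every value in this file unrecoverable.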
--- a/kubernetes/apps/default/homelab/minio/kustomization.yaml +++ b/kubernetes/apps/default/homelab/minio/kustomization.yaml @@ -6,4 +6,3 @@ namespace: default resources: - ./backup - ./externalsecret.yaml - - ../../../../templates/gatus/guarded diff --git a/kubernetes/apps/default/homelab/truenas/backup/helmrelease.yaml b/kubernetes/apps/default/homelab/truenas/backup/helmrelease.yaml index 17764e3b0..eda3fde1c 100644 --- a/kubernetes/apps/default/homelab/truenas/backup/helmrelease.yaml +++ b/kubernetes/apps/default/homelab/truenas/backup/helmrelease.yaml @@ -35,16 +35,6 @@ spec: concurrencyPolicy: Forbid schedule: "@daily" containers: - app: - image: - repository: ghcr.io/auricom/kubectl - tag: 1.29.2@sha256:693ced2697bb7c7349419d4035a62bd474fc41710675b344f71773d8a687dfc3 - command: [/bin/bash, /app/truenas-backup.sh] - env: - HOSTNAME: truenas - envFrom: &envFrom - - secretRef: - name: &secret homelab-truenas-secret truenas-remote-backup: image: repository: ghcr.io/auricom/kubectl @@ -52,7 +42,9 @@ spec: command: [/bin/bash, /app/truenas-backup.sh] env: HOSTNAME: truenas-remote - envFrom: *envFrom + envFrom: + - secretRef: + name: &secret homelab-truenas-secret service: app: controller: *app diff --git a/kubernetes/apps/default/homelab/truenas/backup/truenas-backup.sh b/kubernetes/apps/default/homelab/truenas/backup/truenas-backup.sh index afa4db841..3ccdf35fd 100755 --- a/kubernetes/apps/default/homelab/truenas/backup/truenas-backup.sh +++ b/kubernetes/apps/default/homelab/truenas/backup/truenas-backup.sh 
@@ -9,21 +9,21 @@ chmod 600 ~/.ssh/id_rsa printf -v aws_access_key_id_str %q "$TRUENAS_AWS_ACCESS_KEY_ID" printf -v aws_secret_access_key_str %q "$TRUENAS_AWS_SECRET_ACCESS_KEY" -printf -v secret_domain_str %q "$SECRET_DOMAIN" +printf -v secret_internal_domain_str %q "$SECRET_INTERNAL_DOMAIN" -ssh -o StrictHostKeyChecking=no root@${HOSTNAME}.${SECRET_DOMAIN} "/bin/bash -s $aws_access_key_id_str $aws_secret_access_key_str $secret_domain_str" << 'EOF' +ssh -o StrictHostKeyChecking=no root@${HOSTNAME}.${SECRET_INTERNAL_DOMAIN} "/bin/bash -s $aws_access_key_id_str $aws_secret_access_key_str $secret_internal_domain_str" << 'EOF' set -o nounset set -o errexit AWS_ACCESS_KEY_ID=$1 AWS_SECRET_ACCESS_KEY=$2 -SECRET_DOMAIN=$3 +SECRET_INTERNAL_DOMAIN=$3 config_filename="$(date "+%Y%m%d-%H%M%S").tar" -http_host=truenas.${SECRET_DOMAIN} +http_host=s3.${SECRET_INTERNAL_DOMAIN} http_request_date=$(date -R) http_content_type="application/x-tar" http_filepath="truenas/$(hostname)/${config_filename}" diff --git a/kubernetes/apps/default/homelab/truenas/kustomization.yaml b/kubernetes/apps/default/homelab/truenas/kustomization.yaml index 81c3eeed3..05b6d18ed 100644 --- a/kubernetes/apps/default/homelab/truenas/kustomization.yaml +++ b/kubernetes/apps/default/homelab/truenas/kustomization.yaml @@ -7,4 +7,3 @@ resources: - ./backup - ./externalsecret.yaml - ./photo-sort - - ../../../../templates/gatus/guarded diff --git a/kubernetes/apps/default/homelab/truenas/photo-sort/helmrelease.yaml b/kubernetes/apps/default/homelab/truenas/photo-sort/helmrelease.yaml index e831a6d96..1ed120993 100644 --- a/kubernetes/apps/default/homelab/truenas/photo-sort/helmrelease.yaml +++ b/kubernetes/apps/default/homelab/truenas/photo-sort/helmrelease.yaml @@ -3,7 +3,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: - name: &app homelab-truenas-photo-sort + name: &app homelab-storage-photo-sort namespace: default spec: interval: 30m
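Review bot: The rewritten `ssh` line in `truenas-backup.sh` keeps `-o StrictHostKeyChecking=no` while logging in as `root` and handing the AWS key pair to the remote shell, so the job accepts whichever host answers for `${HOSTNAME}.${SECRET_INTERNAL_DOMAIN}` and then gives it the credentials. Ship the host's public key in a known_hosts file next to the private key and verify it, e.g. `ssh -o StrictHostKeyChecking=yes -o UserKnownHostsFile=<KNOWN_HOSTS_PATH> ...` (placeholder path). The two keys are also passed as arguments to `/bin/bash -s`, which leaves them visible in the remote process list for the length of the session; passing them on stdin ahead of the script body rather than in argv would avoid that. The heredoc body continues past the end of this hunk, so how `http_host` is used, and whether the upload to `s3.${SECRET_INTERNAL_DOMAIN}` goes over TLS, cannot be checked from here.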