feat: remove truenas stuff

2025-09-17 18:24:14 +02:00 · 2024-05-16 03:45:24 +02:00
parent da83a983cb
commit a0da057fd0
11 changed files with 54 additions and 26 deletions
--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@@ -0,0 +1,5 @@
+{
+    "recommendations": [
+        "zamerick.vscode-caddyfile-syntax"
+    ]
+}
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -0,0 +1,5 @@
+{
+    "yaml.schemas": {
+        "https://raw.githubusercontent.com/ansible/ansible-lint/main/src/ansiblelint/schemas/ansible.json#/$defs/tasks": "file:///var/home/claude/repositories/auricom/home-ops/ansible/roles/storage/tasks/quadlets/traefik.yml"
+    }
+}
--- a/ansible/inventory/host_vars/storage.sops.yaml
+++ b/ansible/inventory/host_vars/storage.sops.yaml
@@ -0,0 +1,29 @@
+kind: Secret
+ansible_password: ENC[AES256_GCM,data:QKiW/9ARHg==,iv:UEAQglzSMYkWDoBvrdtEf3RE6FlBX8y0QZwqZWv6fdY=,tag:9N5onkoUBAAZsHp1bDKoCg==,type:str]
+ansible_become_pass: ENC[AES256_GCM,data:xF8pLJRXLQ==,iv:cv0e1CoAoOoSlI1D7yxl1BSKaSuttyCkBg9+63ohvxM=,tag:GYu39reCXDM6Uu2j7FVybA==,type:str]
+minio_root_user: ENC[AES256_GCM,data:DdNuALL99AnFr272Gs0noQ==,iv:Fx9XZQblytbMFOFMC2ay/l+eFR26ufNcLJfIEbPuSDg=,tag:00llM76qqqCNzp3XxDqwOg==,type:str]
+minio_root_password: ENC[AES256_GCM,data:MQK+WFFstwnPVBJve4Y/Ag==,iv:et4mljyjUUE54glfK5JLBwXquZMBOiU54yXj3VCtExc=,tag:lknG5JeBqyJs1zd461tTzw==,type:str]
+ovh_endpoint: ENC[AES256_GCM,data:bKy/sMlw,iv:o6lc/f/S5QOkDHF8iLJinOV93joLGP9YHINDc/AuivE=,tag:4mB81IJthXJf2V4Qv591pA==,type:str]
+ovh_application_key: ENC[AES256_GCM,data:XUZMwWrwSDUk+VyQXHyhdA==,iv:0PAKRsCiTeIy4d6S8aF3T3pp/GPNXWCMCKBGo6t+aQQ=,tag:UWlkrvXZS1vP1GUSMs3hGw==,type:str]
+ovh_application_secret: ENC[AES256_GCM,data:debtTD7GbiLrFwMtFkh7UHBbxMtcjIUXnWVgLy76Vi4=,iv:tNwTr+0P/r9/FSjVlCuVXYFpOyZJWvvsVwUr4FNIVRs=,tag:eeju5p9AywRLkJuXNuyHhA==,type:str]
+ovh_consumer_key: ENC[AES256_GCM,data:mfA7cEa5aHowmUEpUZn6N3ylb2bjdj2ejwgZDLjrnNM=,iv:aYDHOqeoa5Q4SBQj3upBfW9u0hVOqM7IGBObkt1Ap0c=,tag:1yVumvVlvI77PrOiX1pgYQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtVllLOFcwWXVoNXZobFF1
+            VGJmczlkL1V3blhvcnFzN2V6S1B1Ui81alRNClVEUWFmSWxKbENBRVZJN01PSWM5
+            d2M3OHFhOGpadEdrWUIxZGpMNTR2aVkKLS0tIE84ZkxzTlBpZVlqR2xQRmM0V0ZR
+            aG5zWW1XclBOS2cxMkwzZ3c1R1psNGsKzeSHHV7AYXCUNiiXJlBRFVWMZtfK3naj
+            VRtF22+DYfjumQuwam2ZzhdLQ//1ciHnkJc58dKeTbYUHzC+fWpaZQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-05-10T19:19:48Z"
+    mac: ENC[AES256_GCM,data:zZMPejKZawGE/ejtG5Kue8efIKY8pRH0v/cO4pfH1M6zHpAg2eaDG1wWPC2O7xbEfkUstGu8YFNVPO+tOYWR5oGBEbeJVm/ZieolHOWYcCasBDgnUX3UnPXibvevbm7xxC9o8mdRH9rENzQo4NZEv1/y9sCXLtQvtsfVswmywKA=,iv:JezVNspVQP3wLfneM1L1U+QDom88l01Q+lwFJNJmco8=,tag:IRc1hvPvsfvvXb51PKx4cg==,type:str]
+    pgp: []
+    unencrypted_regex: ^(kind)$
+    version: 3.8.1
--- a/ansible/playbooks/storage.yml
+++ b/ansible/playbooks/storage.yml
@@ -0,0 +1,7 @@
+---
+- hosts: storage
+  become: false
+  gather_facts: true
+  any_errors_fatal: true
+  roles:
+    - role: storage
--- a/kubernetes/apps/default/hajimari/app/helmrelease.yaml
+++ b/kubernetes/apps/default/hajimari/app/helmrelease.yaml
@@ -59,9 +59,6 @@ spec:
            - name: opnsense
              icon: mdi:router-network
              url: "https://opnsense.${SECRET_DOMAIN}"
-            - name: truenas
-              icon: mdi:nas
-              url: "https://truenas.${SECRET_DOMAIN}"
            - name: truenas-remote
              icon: mdi:nas
              url: "https://truenas-remote.${SECRET_DOMAIN}"
--- a/kubernetes/apps/default/homelab/ks.yaml
+++ b/kubernetes/apps/default/homelab/ks.yaml
@@ -24,9 +24,6 @@ spec:
  postBuild:
    substitute:
      APP: *app
-      GATUS_SUBDOMAIN: minio
-      GATUS_DOMAIN: ${SECRET_DOMAIN}
-      GATUS_PATH: :9001
 ---
 # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
@@ -79,5 +76,3 @@ spec:
  postBuild:
    substitute:
      APP: *app
-      GATUS_SUBDOMAIN: truenas
-      GATUS_DOMAIN: ${SECRET_DOMAIN}
--- a/kubernetes/apps/default/homelab/minio/kustomization.yaml
+++ b/kubernetes/apps/default/homelab/minio/kustomization.yaml
@@ -6,4 +6,3 @@ namespace: default
 resources:
  - ./backup
  - ./externalsecret.yaml
-  - ../../../../templates/gatus/guarded
--- a/kubernetes/apps/default/homelab/truenas/backup/helmrelease.yaml
+++ b/kubernetes/apps/default/homelab/truenas/backup/helmrelease.yaml
@@ -35,16 +35,6 @@ spec:
          concurrencyPolicy: Forbid
          schedule: "@daily"
        containers:
-          app:
-            image:
-              repository: ghcr.io/auricom/kubectl
-              tag: 1.29.2@sha256:693ced2697bb7c7349419d4035a62bd474fc41710675b344f71773d8a687dfc3
-            command: [/bin/bash, /app/truenas-backup.sh]
-            env:
-              HOSTNAME: truenas
-            envFrom: &envFrom
-              - secretRef:
-                  name: &secret homelab-truenas-secret
          truenas-remote-backup:
            image:
              repository: ghcr.io/auricom/kubectl
@@ -52,7 +42,9 @@ spec:
            command: [/bin/bash, /app/truenas-backup.sh]
            env:
              HOSTNAME: truenas-remote
-            envFrom: *envFrom
+            envFrom:
+              - secretRef:
+                  name: &secret homelab-truenas-secret
    service:
      app:
        controller: *app
--- a/kubernetes/apps/default/homelab/truenas/backup/truenas-backup.sh
+++ b/kubernetes/apps/default/homelab/truenas/backup/truenas-backup.sh
@@ -9,21 +9,21 @@ chmod 600 ~/.ssh/id_rsa

 printf -v aws_access_key_id_str %q "$TRUENAS_AWS_ACCESS_KEY_ID"
 printf -v aws_secret_access_key_str %q "$TRUENAS_AWS_SECRET_ACCESS_KEY"
-printf -v secret_domain_str %q "$SECRET_DOMAIN"
+printf -v secret_internal_domain_str %q "$SECRET_INTERNAL_DOMAIN"


-ssh -o StrictHostKeyChecking=no root@${HOSTNAME}.${SECRET_DOMAIN} "/bin/bash -s $aws_access_key_id_str $aws_secret_access_key_str $secret_domain_str" << 'EOF'
+ssh -o StrictHostKeyChecking=no root@${HOSTNAME}.${SECRET_INTERNAL_DOMAIN} "/bin/bash -s $aws_access_key_id_str $aws_secret_access_key_str $secret_internal_domain_str" << 'EOF'

 set -o nounset
 set -o errexit

 AWS_ACCESS_KEY_ID=$1
 AWS_SECRET_ACCESS_KEY=$2
-SECRET_DOMAIN=$3
+SECRET_INTERNAL_DOMAIN=$3

 config_filename="$(date "+%Y%m%d-%H%M%S").tar"

-http_host=truenas.${SECRET_DOMAIN}
+http_host=s3.${SECRET_INTERNAL_DOMAIN}
 http_request_date=$(date -R)
 http_content_type="application/x-tar"
 http_filepath="truenas/$(hostname)/${config_filename}"
--- a/kubernetes/apps/default/homelab/truenas/kustomization.yaml
+++ b/kubernetes/apps/default/homelab/truenas/kustomization.yaml
@@ -7,4 +7,3 @@ resources:
  - ./backup
  - ./externalsecret.yaml
  - ./photo-sort
-  - ../../../../templates/gatus/guarded
--- a/kubernetes/apps/default/homelab/truenas/photo-sort/helmrelease.yaml
+++ b/kubernetes/apps/default/homelab/truenas/photo-sort/helmrelease.yaml
@@ -3,7 +3,7 @@
 apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
-  name: &app homelab-truenas-photo-sort
+  name: &app homelab-storage-photo-sort
  namespace: default
 spec:
  interval: 30m