diff --git a/infrastructure/ansible/roles/coreelec/tasks/backup.yml b/infrastructure/ansible/roles/coreelec/tasks/backup.yml index 7b123e10b..a34635a6b 100644 --- a/infrastructure/ansible/roles/coreelec/tasks/backup.yml +++ b/infrastructure/ansible/roles/coreelec/tasks/backup.yml @@ -10,4 +10,4 @@ name: "daily backup" minute: "14" hour: "4" - job: "/storage/backup.bash && curl -fsS -m 10 --retry 5 -o /dev/null https://healthchecks.{{ secret_cluster_domain }}/ping/aae30879-cfdf-4b90-889f-d4ff69dd8aad" + job: "/storage/backup.bash && curl -fsS -m 10 --retry 5 -o /dev/null https://uptime-kuma.{{ secret_cluster_domain }}api/push/peJYY3K5sH?status=up&msg=OK&ping=" diff --git a/kubernetes/base/config/cluster-secrets.sops.yaml b/kubernetes/base/config/cluster-secrets.sops.yaml index ddd4b5a3b..4f9ac1532 100644 --- a/kubernetes/base/config/cluster-secrets.sops.yaml +++ b/kubernetes/base/config/cluster-secrets.sops.yaml @@ -17,7 +17,6 @@ stringData: SECRET_GITEA_API_TOKEN: ENC[AES256_GCM,data:A5zJGhQdlWUAagcPIvCIzvpeyzVaV5uDGegjvW4zl6X9kYDxG7JDUA==,iv:kogD/wl3KTlVE4by96vyEwTCMEmzbmEKmcAVK+8OjnI=,tag:PLbEaJQI7fWKz0tQSO35iA==,type:str] SECRET_GITEA_OAUTH_CLIENT_SECRET: ENC[AES256_GCM,data:VWetZHP8haXPy1r20RMJvECxEWw=,iv:B3+rjPXWSbyCdi4KAy/FeMbtNUv40UIWN462OWfv9Ww=,tag:5wK7nUGu7HmdC90d2jllwQ==,type:str] SECRET_GRAFANA_OAUTH_CLIENT_SECRET: ENC[AES256_GCM,data:3igfeqGHygjnmJXnoiKV7W8Tm2M=,iv:Hrjh38GuRvzS4Hi69QftBhaAJ02is5B0E5h23XICpUc=,tag:O4JFVSaoTQDhf3QZPLbn1Q==,type:str] - SECRET_HEALTHCHECKS_PING_KEY: ENC[AES256_GCM,data:ik/lEfCHBKcgnc+zRDrkhw3ykbITSw==,iv:XYqxF9yuRbR+WECjC+0xaT8V4qKYpdsWoNCzfzr33cc=,tag:AZBATumRJMbsLBw2XttV/w==,type:str] SECRET_INVIDIOUS_DB_USER: ENC[AES256_GCM,data:snjA33syqy4X,iv:OF8LJSTdcIGgwAJPmS0HdCz0adsTuTwZ5zfuvJrA7fs=,tag:E4EnsKWITN4l6qnuxZ3A5g==,type:str] SECRET_INVIDIOUS_DB_PASSWORD: ENC[AES256_GCM,data:jmHWk/hXAb9E97CEa4w=,iv:RYnGwoCy+RyVDdKVOXWFWPB/dqF2vPlx7ofRApEAsMg=,tag:nEydKLEw6mHJetEVa+NFzQ==,type:str] SECRET_K10_HTPASSWD: ENC[AES256_GCM,data:u89AKCM/FSXn6Czo6KnG1rqkxclczczcE+wz7GMWU2HIoC9qUzqHvFKe7w==,iv:ZjE1p2P65TbSeVk0oXiWd4nH+7zNWonTjWYNmb3NFg0=,tag:UJn01B6MdJDHv1fN8mV21g==,type:str] @@ -50,8 +49,8 @@ sops: WG82VkdBMlNnRzBySFQzMk41cEtXSlEKBqOmq9UpO61C85+pj0ibdT31y4pmFsbm pTi4N0vv81kcf4ilqBU5h1gudNCb42Q2iL0eGNR4e3JzH4iaNsvnEg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-11-19T03:54:00Z" - mac: ENC[AES256_GCM,data:OTGwsnmD9ZMe3WJ+g2OOtd9wV2U8VC/HAew9uQ3WGv/I8lChcYl+2Q8JOH3GNQXghnME5OVuXCXK2Ax75p1DO1eXcR3NfTT2/uEeu3Ttdc0PRKynxEkmVQSZE8LrBzBHl+uiNhjOqHeMnw7JTAyRBwBoXJqpbWVAvkpsZ1PQbDY=,iv:nOoyPOesi+/NEywQF25smTgisS+b9vFnfPL71P785hU=,tag:zbhrHCwFs3F77oXcyYXA9A==,type:str] + lastmodified: "2022-11-20T23:46:49Z" + mac: ENC[AES256_GCM,data:ehlZ+IbEfOhDQYxKgLKhzleIYV3uVGVuRfeRd408aV3Zejaq5zEb3l3kmD/r0zn3HCge5g3zUWQpUdaJsnQwJ+pDZcItxaiDG76PFjjFAykfv/tl/R3lPsGuo0kOJ6UXheH/v2BHc6UKFsC70e/WYstAAeR13NU0kVPuZZ2UgVM=,iv:a9MMQAG7Xmsa8/+OAiY4VFCrTbkfVHl0S5DCnzmyKKE=,tag:92ZIqLEiAnCeaxKc4RwdlQ==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.7.3 diff --git a/kubernetes/cluster-0/apps/databases/postgres/external-backup/helm-release.yaml b/kubernetes/cluster-0/apps/databases/postgres/external-backup/helm-release.yaml index 8f2379ba3..10ecaaf73 100644 --- a/kubernetes/cluster-0/apps/databases/postgres/external-backup/helm-release.yaml +++ b/kubernetes/cluster-0/apps/databases/postgres/external-backup/helm-release.yaml @@ -47,7 +47,7 @@ spec: - name: POSTGRES_HOST value: postgres-rw.default.svc.cluster.local. - name: POSTGRES_DB - value: "drone,freshrss,gitea,healthchecks,invidious,joplin,lychee,recipes,sharry,outline,vaultwarden,vikunja,wallabag" + value: "drone,freshrss,gitea,invidious,joplin,lychee,recipes,sharry,outline,vaultwarden,vikunja,wallabag" - name: POSTGRES_USER valueFrom: secretKeyRef: @@ -69,8 +69,7 @@ spec: - name: HEALTHCHECK_PORT value: "8080" - name: WEBHOOK_URL - value: http://healthchecks.default.svc.cluster.local.:/ping/${SECRET_HEALTHCHECKS_PING_KEY}/postgresql-backup - + value: https://uptime-kuma.${SECRET_CLUSTER_DOMAIN}/api/push/45cHKtahUg?status=up&msg=OK&ping= command: - "/backup.sh" volumeMounts: diff --git a/kubernetes/cluster-0/apps/development/gitea/external-backup/helm-release.yaml b/kubernetes/cluster-0/apps/development/gitea/external-backup/helm-release.yaml index ff1e75f09..4c08b4c9e 100644 --- a/kubernetes/cluster-0/apps/development/gitea/external-backup/helm-release.yaml +++ b/kubernetes/cluster-0/apps/development/gitea/external-backup/helm-release.yaml @@ -102,7 +102,7 @@ spec: done done echo "INFO: Backup done" - curl -m 10 --retry 5 https://healthchecks.${SECRET_CLUSTER_DOMAIN}/ping/${SECRET_HEALTHCHECKS_PING_KEY}/k3s-gitea-repositories-backup + curl -m 10 --retry 5 https://uptime-kuma.${SECRET_CLUSTER_DOMAIN}/api/push/Xk21W4T5mC?status=up&msg=OK&ping= EOF volumeMounts: - name: secret diff --git a/kubernetes/cluster-0/apps/downloaders/qbittorrent/upgrade-p2pblocklist/helm-release.yaml b/kubernetes/cluster-0/apps/downloaders/qbittorrent/upgrade-p2pblocklist/helm-release.yaml index 60f31b0ba..dff23dc8e 100644 --- a/kubernetes/cluster-0/apps/downloaders/qbittorrent/upgrade-p2pblocklist/helm-release.yaml +++ b/kubernetes/cluster-0/apps/downloaders/qbittorrent/upgrade-p2pblocklist/helm-release.yaml @@ -60,7 +60,7 @@ spec: echo $QBITTORRENT_POD | grep qbittorrent if [[ $(echo $QBITTORRENT_POD | grep qbittorrent) ]]; then kubectl cp /tmp/ipfilter.dat default/$QBITTORRENT_POD:/config/ipfilter.dat - kubectl rollout restart deployment qbittorrent --namespace default && curl -m 10 --retry 5 http://healthchecks.default.svc.cluster.local.:/ping/${SECRET_HEALTHCHECKS_PING_KEY}/k3s-qbittorrent-p2pblocklist + kubectl rollout restart deployment qbittorrent --namespace default && curl -m 10 --retry 5 https://uptime-kuma.${SECRET_CLUSTER_DOMAIN}/api/push/6RUDha9bDp?status=up&msg=OK&ping= else echo "qbittorrent deployment not found" exit 1 diff --git a/kubernetes/cluster-0/apps/media-automation/recyclarr/helm-release.yaml b/kubernetes/cluster-0/apps/media-automation/recyclarr/helm-release.yaml index 1d2bbc4db..e6ad58950 100644 --- a/kubernetes/cluster-0/apps/media-automation/recyclarr/helm-release.yaml +++ b/kubernetes/cluster-0/apps/media-automation/recyclarr/helm-release.yaml @@ -70,7 +70,7 @@ spec: - | #!/bin/bash - /app/recyclarr sonarr --config /config/recyclarr.yaml && curl -fsS -m 10 --retry 5 -o /dev/null http://healthchecks.default.svc.cluster.local./ping/${SECRET_HEALTHCHECKS_PING_KEY}/k3s-recyclarr-sonarr + /app/recyclarr sonarr --config /config/recyclarr.yaml && curl -fsS -m 10 --retry 5 -o /dev/null https://uptime-kuma.${SECRET_CLUSTER_DOMAIN}/api/push/eaNLvqhfn2?status=up&msg=OK&ping= volumeMounts: - name: shared mountPath: /config/recyclarr.yaml @@ -87,7 +87,7 @@ spec: - | #!/bin/bash - /app/recyclarr radarr --config /config/recyclarr.yaml && curl -fsS -m 10 --retry 5 -o /dev/null http://healthchecks.default.svc.cluster.local./ping/${SECRET_HEALTHCHECKS_PING_KEY}/k3s-recyclarr-radarr + /app/recyclarr radarr --config /config/recyclarr.yaml && curl -fsS -m 10 --retry 5 -o /dev/null https://uptime-kuma.${SECRET_CLUSTER_DOMAIN}/api/push/N7OJBSgxD7?status=up&msg=OK&ping= volumeMounts: - name: shared mountPath: /config/recyclarr.yaml diff --git a/kubernetes/cluster-0/apps/monitoring/healthchecks/helm-release.yaml b/kubernetes/cluster-0/apps/monitoring/healthchecks/helm-release.yaml deleted file mode 100644 index ab10f48e0..000000000 --- a/kubernetes/cluster-0/apps/monitoring/healthchecks/helm-release.yaml +++ /dev/null @@ -1,66 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: &app healthchecks - namespace: default -spec: - interval: 15m - chart: - spec: - chart: app-template - version: 1.0.1 - sourceRef: - kind: HelmRepository - name: bjw-s - namespace: flux-system - install: - createNamespace: true - remediation: - retries: 5 - upgrade: - remediation: - retries: 5 - dependsOn: - - name: postgres-cluster - namespace: default - values: - image: - repository: ghcr.io/auricom/healthchecks - tag: v2.3@sha256:69e31f3bc5fb7e46e851922f83055e201ee41458d9fa8089225ef616106f5d32 - pullPolicy: IfNotPresent - envFrom: - - secretRef: - name: *app - podSecurityContext: - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - fsGroupChangePolicy: "OnRootMismatch" - service: - main: - ports: - http: - port: 80 - ingress: - main: - enabled: true - ingressClassName: "nginx" - annotations: - external-dns.home.arpa/enabled: "true" - hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" - paths: - - path: / - pathType: Prefix - tls: - - hosts: - - *host - podAnnotations: - secret.reloader.stakater.com/reload: *app - resources: - requests: - cpu: 50m - memory: 250Mi - limits: - memory: 500Mi diff --git a/kubernetes/cluster-0/apps/monitoring/healthchecks/kustomization.yaml b/kubernetes/cluster-0/apps/monitoring/healthchecks/kustomization.yaml deleted file mode 100644 index 84817374d..000000000 --- a/kubernetes/cluster-0/apps/monitoring/healthchecks/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - secret.sops.yaml - - helm-release.yaml -patchesStrategicMerge: - - patches/env.yaml - - patches/postgres.yaml diff --git a/kubernetes/cluster-0/apps/monitoring/healthchecks/patches/env.yaml b/kubernetes/cluster-0/apps/monitoring/healthchecks/patches/env.yaml deleted file mode 100644 index 487f85bc9..000000000 --- a/kubernetes/cluster-0/apps/monitoring/healthchecks/patches/env.yaml +++ /dev/null @@ -1,20 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: healthchecks - namespace: default -spec: - values: - env: - REGENERATE_SETTINGS: "True" - EMAIL_USE_TLS: "True" - ALLOWED_HOSTS: "*" - DEBUG: "False" - DB: postgres - DB_HOST: postgres-rw.default.svc.cluster.local. - DB_PORT: 5432 - DB_NAME: healthchecks - SITE_ROOT: "https://healthchecks.${SECRET_CLUSTER_DOMAIN}" - SITE_NAME: "HealthChecks" - SITE_LOGO_URL: "https://healthchecks.io/static/img/logo-rounded-ua.svg" diff --git a/kubernetes/cluster-0/apps/monitoring/healthchecks/patches/postgres.yaml b/kubernetes/cluster-0/apps/monitoring/healthchecks/patches/postgres.yaml deleted file mode 100644 index 8eaae75c9..000000000 --- a/kubernetes/cluster-0/apps/monitoring/healthchecks/patches/postgres.yaml +++ /dev/null @@ -1,31 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: healthchecks - namespace: default -spec: - values: - initContainers: - init-db: - image: ghcr.io/onedr0p/postgres-initdb:14.5 - env: - - name: POSTGRES_HOST - value: postgres-rw.default.svc.cluster.local. - - name: POSTGRES_DB - value: healthchecks - - name: POSTGRES_SUPER_PASS - valueFrom: - secretKeyRef: - name: postgres-superuser - key: password - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: healthchecks - key: DB_USER - - name: POSTGRES_PASS - valueFrom: - secretKeyRef: - name: healthchecks - key: DB_PASSWORD diff --git a/kubernetes/cluster-0/apps/monitoring/healthchecks/secret.sops.yaml b/kubernetes/cluster-0/apps/monitoring/healthchecks/secret.sops.yaml deleted file mode 100644 index facc84177..000000000 --- a/kubernetes/cluster-0/apps/monitoring/healthchecks/secret.sops.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# yamllint disable -apiVersion: v1 -kind: Secret -metadata: - name: healthchecks - namespace: default -type: Opaque -stringData: - DB_USER: ENC[AES256_GCM,data:mfYKYmHZhc+s8N6m,iv:0umKcprp+zVwfbwp5jxpsJ9quv7lzn+mvi9jWNTW0gI=,tag:Kk8aBOTqh5A64VvmKqjbzA==,type:str] - DB_PASSWORD: ENC[AES256_GCM,data:QSGTKKeaBy6NuZdoED+p4g==,iv:W0i0JijdhsUiInfgjSBXjvqH2+s0GNO4AlDdNN8sGkE=,tag:TYIzK///ogBQw3XOpYQyPg==,type:str] - SECRET_KEY: ENC[AES256_GCM,data:7YXTBXl5iqxvPdNDIYl5dAVqn4kVhasWZwl+1PvgGvo=,iv:5xUrrZg3pZUNHoXM8Bt7ngxrVwZq4pMmrOFx8e7LPYo=,tag:DvdhKRtclrXM633quMxsvg==,type:str] - SUPERUSER_EMAIL: ENC[AES256_GCM,data:VQ6SYPzfMCVCH+TtayFT5kKjjMjOYVgyXCPK,iv:RK+Pg4BGE6qQXbkquxaXwkNvR3tJRmZ35rND+29ls48=,tag:wLtaGVwHGmGsn25ftUaT+w==,type:str] - SUPERUSER_PASSWORD: ENC[AES256_GCM,data:7EeA7/y7iEB6WURvrQFuUg==,iv:tcB4cjqJqle8IaNOWJ5TtETMn4BOTToqkw3CStX3D8M=,tag:TClUavZxYSfhp526h98NWg==,type:str] - PUSHOVER_API_TOKEN: ENC[AES256_GCM,data:b6JP2FoXz8QSC/+AQKiZIpaU1NWwyOV/PL6chtU1,iv:mf6aSEXXw+78XAOQqti02zIFUc6GlZvxJb3kZ5+UpQE=,tag:mfB5LLSgdvrYXXxir+4jzA==,type:str] - PUSHOVER_SUBSCRIPTION_URL: ENC[AES256_GCM,data:oXfI2LOf1nwze5httLjpG8/oQxIeRyLDthvAn6NQBfNwazXYpEv8i/FaPYSALP4oosLCoIma3PNYhuo=,iv:WG7o2AeC0GMBCVcDeO38Vnz5kCoVuOPKbR+/968DZpQ=,tag:rSvm4mywMIWS0LHZW2GN5Q==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2V0hmQWNHL0EvYnRUVnNF - Qk0xUU12ajAvUWh3clVJRDg1T2ZLd0lJdkQwCjh2OUpWMG5jZXRaeHdBTkJTajdZ - QnFQbW0zcm5lWVo3TTh0SVVHdmRPYjgKLS0tIFRsVTJCa2Znb0I4dnlYQzJkZ1hp - dEhUSi9lckpDdjQ0V1had1NXbloybWMKfIQ1YXsdylckxfJCAUxodAUPwRkkAUoH - 1Crcyha4iZFjqIQ6QfiGdA1PWScj3p13OGKL80bISJ50Ccupv0vl8Q== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-09-15T13:56:57Z" - mac: ENC[AES256_GCM,data:rNzSeMPySMFt3brM3cH0dwYeZ1RUkymNcfq1AulLxK/LERHXj8KJxwRrdKed+SP/CF3ZBDs1NqhLNeFx4/EUzSsXafLI1G4zkx7sGyi16ECyWsu1Eu7aeqS6VgjId9jPcVNBjlhX836zXMSgsPyeSap6CJET6omZKZH81vXruUk=,iv:F7ucOGglLmXzo33T2gfOJ6NtOAHF9MzY3KiSV1VH4f8=,tag:6qghF9mBqZzosRf30YKFEA==,type:str] - pgp: [] - encrypted_regex: ^(data|stringData)$ - version: 3.7.3 diff --git a/kubernetes/cluster-0/apps/monitoring/kustomization.yaml b/kubernetes/cluster-0/apps/monitoring/kustomization.yaml index c698c1d24..ba682d82b 100644 --- a/kubernetes/cluster-0/apps/monitoring/kustomization.yaml +++ b/kubernetes/cluster-0/apps/monitoring/kustomization.yaml @@ -2,7 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - grafana - - healthchecks - kube-prometheus-stack - thanos - uptime-kuma