✨ rotki

kubernetes/apps/default/kustomization.yaml

@@ -50,6 +50,7 @@ resources:
   - ./recyclarr/ks.yaml
   - ./redis/ks.yaml
   - ./resilio-sync/ks.yaml
+  - ./rotki/ks.yaml
   - ./sabnzbd/ks.yaml
   - ./semaphore/ks.yaml
   - ./sharry/ks.yaml

kubernetes/apps/default/rotki/app/backups/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./replicationsource.yaml
+  - ./restic.sops.yaml

kubernetes/apps/default/rotki/app/backups/replicationsource.yaml

@@ -0,0 +1,25 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+  name: rotki
+  namespace: default
+spec:
+  sourcePVC: rotki-data
+  trigger:
+    schedule: "0 0 * * *"
+  restic:
+    copyMethod: Snapshot
+    pruneIntervalDays: 10
+    repository: rotki-restic
+    cacheCapacity: 2Gi
+    volumeSnapshotClassName: csi-ceph-blockpool
+    storageClassName: rook-ceph-block
+    moverSecurityContext:
+      runAsUser: 568
+      runAsGroup: 568
+      fsGroup: 568
+    retain:
+      daily: 10
+      within: 3d

kubernetes/apps/default/rotki/app/backups/restic.sops.yaml

@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: rotki-restic
+    namespace: default
+type: Opaque
+stringData:
+    #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+    RESTIC_REPOSITORY: ENC[AES256_GCM,data:IU7Q83lAnazSxoYcMsN2djwiJngk5oOIvdjJEuESImPnMNS9hPkmOWsa7mY6zjjSIvhrJQaCyA==,iv:m8Go13yi9NHHMMobBdJt9astdPLKUWJuFYMVkqz/U7o=,tag:FTwbnVEOzs9RkCJoZfJq4g==,type:str]
+    #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+    RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+    #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+    #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+    AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+    AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+            THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+            TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+            dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+            3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-04-19T17:42:15Z"
+    mac: ENC[AES256_GCM,data:i1HYpbjl5L/842T4lV/0FXereGe8y697YgHONGcd2MNtXX9r6dTkY8SXBYCP8r19jxLYF8MjDiJMagmalLbUM94mLbAfIMI25deJKCS/kLPlAF0oagjm9Mg9gsNGlOQS1H6onmDb19vUntqk3GYx+z8zgGysqPIxKW2qHbKYdH4=,iv:MY6BKVRO0c0YWYJOsSObc59bk79m4kEjBioAbj0XLdM=,tag:7AtBmx4gO8AaI0QxLLLdqA==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.7.3

kubernetes/apps/default/rotki/app/config/rotki_config.json

@@ -0,0 +1,9 @@
+{
+  "loglevel": "debug",
+  "logfromothermodules": false,
+  "log-dir": "/tmp",
+  "data-dir": "/data",
+  "sleep-secs": 20,
+  "max_size_in_mb_all_logs": 500,
+  "max_logfiles_num": 2
+}

kubernetes/apps/default/rotki/app/helmrelease.yaml

@@ -0,0 +1,77 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: &app rotki
+  namespace: default
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: app-template
+      version: 1.4.0
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  maxHistory: 3
+  install:
+    createNamespace: true
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  uninstall:
+    keepHistory: false
+  values:
+    controller:
+      annotations:
+        reloader.stakater.com/auto: "true"
+    image:
+      repository: docker.io/rotki/rotki
+      tag: v1.27.1
+    env:
+      TZ: ${TIMEZONE}
+      LOGLEVEL: info
+      LOGFROMOTHERMODDULES: true
+      MAX_SIZE_IN_MB_ALL_LOGS: 550
+      MAX_LOGFILES_NUM: 3
+      SQLITE_INSTRUCTIONS: 0
+    persistence:
+      config:
+        enabled: true
+        type: configMap
+        name: rotki-configmap
+        subPath: rotki_config.json
+        mountPath: /config/rotki_config.json
+        readOnly: true
+      data:
+        enabled: true
+        existingClaim: rotki-data
+        mountPath: /data
+    service:
+      main:
+        ports:
+          http:
+            port: 8084
+    ingress:
+      main:
+        enabled: true
+        ingressClassName: "nginx"
+        annotations:
+          hajimari.io/icon: mdi:cash-multiple
+        hosts:
+          - host: &host "rotki.${SECRET_CLUSTER_DOMAIN}"
+            paths:
+              - path: /
+                pathType: Prefix
+        tls:
+          - hosts:
+              - *host
+    resources:
+      requests:
+        cpu: 100m
+        memory: 256Mi

kubernetes/apps/default/rotki/app/kustomization.yaml

@@ -0,0 +1,16 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+  - ./backups
+  - ./helmrelease.yaml
+  - ./volume.yaml
+
+configMapGenerator:
+  - name: rotki-configmap
+    files:
+      - ./config/rotki_config.json
+generatorOptions:
+  disableNameSuffixHash: true

kubernetes/apps/default/rotki/app/volume.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: rotki-data
+  namespace: default
+  labels:
+    app.kubernetes.io/name: &name rotki
+    app.kubernetes.io/instance: *name
+    snapshot.home.arpa/enabled: "true"
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: rook-ceph-block
+  resources:
+    requests:
+      storage: 1Gi

kubernetes/apps/default/rotki/ks.yaml

@@ -0,0 +1,27 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: cluster-apps-rotki
+  namespace: flux-system
+  labels:
+    substitution.flux.home.arpa/enabled: "true"
+spec:
+  path: ./kubernetes/apps/default/rotki/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-ops-kubernetes
+  dependsOn:
+    - name: cluster-apps-cloudnative-pg-cluster
+    - name: cluster-apps-rook-ceph-cluster
+    - name: cluster-apps-volsync-app
+  healthChecks:
+    - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+      kind: HelmRelease
+      name: rotki
+      namespace: default
+  interval: 30m
+  retryInterval: 1m
+  timeout: 3m