feat: archive homelab-truenas

kubernetes/apps/default/homelab/ks.yaml

@@ -55,14 +55,14 @@ spec:
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
-  name: &app homelab-truenas
+  name: &app homelab-storage
   namespace: flux-system
 spec:
   targetNamespace: default
   commonMetadata:
     labels:
       app.kubernetes.io/name: *app
-  path: ./kubernetes/apps/default/homelab/truenas
+  path: ./kubernetes/apps/default/homelab/storage
   prune: true
   sourceRef:
     kind: GitRepository

kubernetes/apps/default/homelab/storage/kustomization.yaml

@@ -4,6 +4,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: default
 resources:
-  - ./backup
-  - ./externalsecret.yaml
   - ./photo-sort

kubernetes/apps/default/homelab/storage/photo-sort/helmrelease.yaml

@@ -29,7 +29,7 @@ spec:
     keepHistory: false
   values:
     controllers:
-      homelab-truenas-photo-sort:
+      homelab-storage-photo-sort:
         type: cronjob
         cronjob:
           concurrencyPolicy: Forbid
@@ -59,7 +59,7 @@ spec:
     persistence:
       scripts:
         type: configMap
-        name: homelab-truenas-photo-sort-configmap
+        name: homelab-storage-photo-sort-configmap
         defaultMode: 0775
         globalMounts:
           - path: /app/sort.sh

kubernetes/apps/default/homelab/storage/photo-sort/kustomization.yaml

@@ -6,7 +6,7 @@ namespace: default
 resources:
   - ./helmrelease.yaml
 configMapGenerator:
-  - name: homelab-truenas-photo-sort-configmap
+  - name: homelab-storage-photo-sort-configmap
     files:
       - ./scripts/sort.sh
 generatorOptions:

kubernetes/apps/default/homelab/truenas/backup/helmrelease.yaml

@@ -1,69 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  name: &app homelab-truenas-backup
-  namespace: default
-spec:
-  interval: 30m
-  chart:
-    spec:
-      chart: app-template
-      version: 3.2.1
-      sourceRef:
-        kind: HelmRepository
-        name: bjw-s
-        namespace: flux-system
-  maxHistory: 2
-  install:
-    createNamespace: true
-    remediation:
-      retries: 3
-  upgrade:
-    cleanupOnFail: true
-    remediation:
-      strategy: rollback
-      retries: 3
-  uninstall:
-    keepHistory: false
-  values:
-    controllers:
-      homelab-truenas-backup:
-        type: cronjob
-        cronjob:
-          concurrencyPolicy: Forbid
-          schedule: "@daily"
-        containers:
-          truenas-remote-backup:
-            image:
-              repository: ghcr.io/auricom/kubectl
-              tag: 1.29.2@sha256:693ced2697bb7c7349419d4035a62bd474fc41710675b344f71773d8a687dfc3
-            command: [/bin/bash, /app/truenas-backup.sh]
-            env:
-              HOSTNAME: truenas-remote
-            envFrom:
-              - secretRef:
-                  name: &secret homelab-truenas-secret
-    service:
-      app:
-        controller: *app
-        enabled: false
-    persistence:
-      config:
-        enabled: true
-        type: configMap
-        name: homelab-truenas-backup-configmap
-        defaultMode: 0775
-        globalMounts:
-          - path: /app/truenas-backup.sh
-            subPath: truenas-backup.sh
-            readOnly: true
-      ssh:
-        type: secret
-        name: *secret
-        defaultMode: 0775
-        globalMounts:
-          - path: /opt/id_rsa
-            subPath: TRUENAS_SSH_KEY
-            readOnly: true

kubernetes/apps/default/homelab/truenas/backup/kustomization.yaml

@@ -1,15 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: default
-resources:
-  - ./helmrelease.yaml
-configMapGenerator:
-  - name: homelab-truenas-backup-configmap
-    files:
-      - ./truenas-backup.sh
-generatorOptions:
-  disableNameSuffixHash: true
-  annotations:
-    kustomize.toolkit.fluxcd.io/substitute: disabled

kubernetes/apps/default/homelab/truenas/backup/truenas-backup.sh

@@ -1,49 +0,0 @@
-#!/usr/bin/env bash
-
-set -o nounset
-set -o errexit
-
-mkdir -p ~/.ssh
-cp /opt/id_rsa ~/.ssh/id_rsa
-chmod 600 ~/.ssh/id_rsa
-
-printf -v aws_access_key_id_str %q "$TRUENAS_AWS_ACCESS_KEY_ID"
-printf -v aws_secret_access_key_str %q "$TRUENAS_AWS_SECRET_ACCESS_KEY"
-
-
-ssh -o StrictHostKeyChecking=no root@${HOSTNAME}.feisar.ovh "/bin/bash -s $aws_access_key_id_str $aws_secret_access_key_str" << 'EOF'
-
-set -o nounset
-set -o errexit
-
-AWS_ACCESS_KEY_ID=$1
-AWS_SECRET_ACCESS_KEY=$2
-
-config_filename="$(date "+%Y%m%d-%H%M%S").tar"
-
-http_host=s3.feisar.ovh
-http_request_date=$(date -R)
-http_content_type="application/x-tar"
-http_filepath="truenas/$(hostname)/${config_filename}"
-http_signature=$(
-    printf "PUT\n\n${http_content_type}\n%s\n/%s" "${http_request_date}" "${http_filepath}" \
-        | openssl sha1 -hmac "${AWS_SECRET_ACCESS_KEY}" -binary \
-        | base64
-)
-
-echo "Creating backup archive ..."
-
-tar -cvlf /tmp/backup-${config_filename} --strip-components=2 /data/freenas-v1.db /data/pwenc_secret
-
-echo "Upload backup to s3 bucket ..."
-curl -fsSL \
-    -X PUT -T "/tmp/backup-${config_filename}" \
-    -H "Host: ${http_host}" \
-    -H "Date: ${http_request_date}" \
-    -H "Content-Type: ${http_content_type}" \
-    -H "Authorization: AWS ${AWS_ACCESS_KEY_ID}:${http_signature}" \
-    "https://s3.feisar.ovh/${http_filepath}"
-
-rm /tmp/backup-*.tar
-
-EOF

kubernetes/apps/default/homelab/truenas/externalsecret.yaml

@@ -1,34 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: homelab-truenas
-  namespace: default
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: onepassword-connect
-  target:
-    name: homelab-truenas-secret
-    template:
-      data:
-        # App
-        PUSHOVER_API_TOKEN: "{{ .TRUENAS_PUSHOVER_API_TOKEN }}"
-        PUSHOVER_USER_KEY: "{{ .PUSHOVER_USER_KEY }}"
-        TRUENAS_AWS_ACCESS_KEY_ID: "{{ .TRUENAS_AWS_ACCESS_KEY_ID }}"
-        TRUENAS_AWS_SECRET_ACCESS_KEY: "{{ .TRUENAS_AWS_SECRET_ACCESS_KEY }}"
-        TRUENAS_SSH_KEY: "{{ .TRUENAS_SSH_KEY }}"
-        TRUENAS_API_KEY: "{{ .TRUENAS_API_KEY }}"
-        TRUENAS_REMOTE_API_KEY: "{{ .TRUENAS_REMOTE_API_KEY }}"
-        SECRET_DOMAIN: "{{ .SECRET_DOMAIN }}"
-        SECRET_PUBLIC_DOMAIN: "{{ .SECRET_PUBLIC_DOMAIN }}"
-  dataFrom:
-    - extract:
-        key: generic
-    - extract:
-        key: homelab-truenas
-    - extract:
-        key: pushover
-    - extract:
-        key: sops

kubernetes/apps/default/homelab/truenas/readme.md

@@ -1,128 +0,0 @@
-# truenas
-
-## truenas-backup S3 Configuration
-
-1. Create `~/.mc/config.json`
-
-   ```json
-   {
-     "version": "10",
-     "aliases": {
-       "minio": {
-         "url": "https://s3.<domain>",
-         "accessKey": "<access-key>",
-         "secretKey": "<secret-key>",
-         "api": "S3v4",
-         "path": "auto"
-       }
-     }
-   }
-   ```
-
-2. Create the truenas user and password
-
-   ```sh
-   mc admin user add minio truenas <super-secret-password>
-   ```
-
-3. Create the truenas bucket
-
-   ```sh
-   mc mb minio/truenas
-   ```
-
-4. Create `truenas-user-policy.json`
-
-   ```json
-   {
-     "Version": "2012-10-17",
-     "Statement": [
-       {
-         "Action": [
-           "s3:ListBucket",
-           "s3:PutObject",
-           "s3:GetObject",
-           "s3:DeleteObject"
-         ],
-         "Effect": "Allow",
-         "Resource": ["arn:aws:s3:::truenas/*", "arn:aws:s3:::truenas"],
-         "Sid": ""
-       }
-     ]
-   }
-   ```
-
-5. Apply the bucket policies
-
-    ```sh
-    mc admin policy add minio truenas-private truenas-user-policy.json
-    ```
-
-6. Associate private policy with the user
-
-    ```sh
-    mc admin policy set minio truenas-private user=truenas
-    ```
-
-7. Create a retention policy
-
-    ```sh
-    mc ilm add minio/truenas --expire-days "90"
-    ```
-
-## minio-rclone S3 Configuration
-
-1. Create `~/.mc/config.json`
-
-   ```json
-   {
-     "version": "10",
-     "aliases": {
-       "minio": {
-         "url": "https://s3.<domain>",
-         "accessKey": "<access-key>",
-         "secretKey": "<secret-key>",
-         "api": "S3v4",
-         "path": "auto"
-       }
-     }
-   }
-   ```
-
-2. Create the rclone user and password
-
-   ```sh
-   mc admin user add minio rclone <super-secret-password>
-   ```
-
-
-3. Create `rclone-user-policy.json`
-
-   ```json
-   {
-     "Version": "2012-10-17",
-     "Statement": [
-       {
-         "Action": [
-           "s3:ListBucket",
-           "s3:GetObject"
-         ],
-         "Effect": "Allow",
-         "Resource": ["arn:aws:s3:::opnsense/*", "arn:aws:s3:::opnsense","arn:aws:s3:::truenas/*", "arn:aws:s3:::truenas"],
-         "Sid": ""
-       }
-     ]
-   }
-   ```
-
-4. Apply the bucket policies
-
-    ```sh
-    mc admin policy add minio rclone-private rclone-user-policy.json
-    ```
-
-5. Associate private policy with the user
-
-    ```sh
-    mc admin policy set minio rclone-private user=rclone
-    ```