diff --git a/.env.example b/.env.example
index 257d157..f9e7ac7 100644
--- a/.env.example
+++ b/.env.example
@@ -20,8 +20,15 @@ AUTHENTIK_GITEA_CLIENT_ID=your_client_id_here
 AUTHENTIK_GITEA_CLIENT_SECRET=your_client_secret_here
 AUTHENTIK_GRAFANA_CLIENT_ID=your_client_id_here
 AUTHENTIK_GRAFANA_CLIENT_SECRET=your_client_secret_here
+AUTHENTIK_ARGOCD_CLIENT_ID=your_client_id_here
+AUTHENTIK_ARGOCD_CLIENT_SECRET=your_client_secret_here
 # Gitea container registry credentials
 REGISTRY_SERVER=your_registry_server_here
 REGISTRY_USER=your_username_here
-REGISTRY_PASSWORD=your_token_here
\ No newline at end of file
+REGISTRY_PASSWORD=your_token_here
+
+# Home Assistant and Discord integration
+HA_TOKEN=your_home_assistant_token_here
+DISCORD_TOKEN=your_discord_token_here
+GUILD_ID=your_discord_guild_id_here
\ No newline at end of file
diff --git a/argocd/apps/home-services.yaml b/argocd/apps/home-services.yaml
new file mode 100644
index 0000000..c7b5201
--- /dev/null
+++ b/argocd/apps/home-services.yaml
@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: home-services
+ namespace: argocd
+ labels:
+ app.kubernetes.io/part-of: argocd
+spec:
+ project: default
+ source:
+ repoURL: https://gitea.nik4nao.com/nik/homelab.git
+ targetRevision: HEAD
+ path: manifests/home-services
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: default
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=false
\ No newline at end of file
diff --git a/manifests/home-services/discord-bot-sealed.yaml b/manifests/home-services/discord-bot-sealed.yaml
new file mode 100644
index 0000000..2594ad4
--- /dev/null
+++ b/manifests/home-services/discord-bot-sealed.yaml
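Review bot: In `argocd/apps/home-services.yaml` the Application runs under `project: default` and auto-syncs `targetRevision: HEAD` with `prune: true` and `selfHeal: true`, so every commit that lands on the repository's default branch is applied to the cluster with no further gate, and the default AppProject normally places no limit on source repos, destinations or resource kinds. I would bind it to a dedicated AppProject that allows only this `repoURL` and a single destination namespace, and give these workloads their own namespace instead of `default`. If tracking HEAD is intended, a comment above `syncPolicy` such as `# auto-deploys every push to the default branch: repo write access equals cluster deploy access` would make the trust boundary explicit.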
@@ -0,0 +1,14 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ name: discord-bot-secret
+ namespace: default
+spec:
+ encryptedData:
+ DISCORD_TOKEN: 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
+ GUILD_ID: 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
+ template:
+ metadata:
+ name: discord-bot-secret
+ namespace: default
diff --git a/manifests/home-services/discord-bot-secret.sh b/manifests/home-services/discord-bot-secret.sh
new file mode 100644
index 0000000..205851b
--- /dev/null
+++ b/manifests/home-services/discord-bot-secret.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+# Usage: bash manifests/home-services/discord-bot-secret.sh
+# Description: Regenerates the discord-bot SealedSecret from .env
+set -euo pipefail
+
+source "$(dirname "$0")/../../.env"
+
+kubectl create secret generic discord-bot-secret \
+ --namespace=default \
+ --from-literal=DISCORD_TOKEN="${DISCORD_TOKEN}" \
+ --from-literal=GUILD_ID="${GUILD_ID}" \
+ --dry-run=client -o yaml \
+ | kubeseal --controller-namespace=kube-system \
+ --controller-name=sealed-secrets-controller \
+ --format=yaml \
+ > "$(dirname "$0")/discord-bot-sealed.yaml"
+
+echo "discord-bot-sealed.yaml regenerated — commit to repo"
\ No newline at end of file
diff --git a/manifests/home-services/discord-bot.yaml b/manifests/home-services/discord-bot.yaml
new file mode 100644
index 0000000..aafb3e2
--- /dev/null
+++ b/manifests/home-services/discord-bot.yaml
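Review bot: In `discord-bot-secret.sh` the redirect `> "$(dirname "$0")/discord-bot-sealed.yaml"` truncates the committed manifest before `kubectl` and `kubeseal` have produced any output, so a failed run (controller unreachable, unset variable) leaves an empty or partial file even though `set -euo pipefail` aborts the script; with the Application pruning automatically, committing that file could remove the secret from the cluster. Writing to a temporary file and moving it into place only on success avoids this: `tmp="$(mktemp)"`, then `--format=yaml > "$tmp"`, then `mv "$tmp" "$(dirname "$0")/discord-bot-sealed.yaml"`. The `--from-literal=DISCORD_TOKEN="${DISCORD_TOKEN}"` form also puts the token on the `kubectl` command line, where other local users can read it from the process list while it runs, and `set -u` does not reject a variable that is set but empty, which `: "${DISCORD_TOKEN:?}"` before the pipeline would. `ha-gateway-secret.sh` has the same pattern for `HA_TOKEN`.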
@@ -0,0 +1,44 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: discord-bot
+ namespace: default
+ labels:
+ app: discord-bot
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: discord-bot
+ template:
+ metadata:
+ labels:
+ app: discord-bot
+ spec:
+ imagePullSecrets:
+ - name: gitea-registry-secret
+ containers:
+ - name: discord-bot
+ image: gitea.nik4nao.com/nik/discord-bot:latest
+ env:
+ - name: DISCORD_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: discord-bot-secret
+ key: DISCORD_TOKEN
+ - name: GUILD_ID
+ valueFrom:
+ secretKeyRef:
+ name: discord-bot-secret
+ key: GUILD_ID
+ - name: HA_GATEWAY_ADDR
+ value: "ha-gateway.default.svc.cluster.local:50051"
+ - name: OTEL_ENDPOINT
+ value: "otel-collector-opentelemetry-collector.monitoring.svc.cluster.local:4317"
+ resources:
+ requests:
+ cpu: 50m
+ memory: 64Mi
+ limits:
+ cpu: 200m
+ memory: 128Mi
\ No newline at end of file
diff --git a/manifests/home-services/ha-gateway-sealed.yaml b/manifests/home-services/ha-gateway-sealed.yaml
new file mode 100644
index 0000000..c69c601
--- /dev/null
+++ b/manifests/home-services/ha-gateway-sealed.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ name: ha-gateway-secret
+ namespace: default
+spec:
+ encryptedData:
+ HA_TOKEN: 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
+ template:
+ metadata:
+ name: ha-gateway-secret
+ namespace: default
diff --git a/manifests/home-services/ha-gateway-secret.sh b/manifests/home-services/ha-gateway-secret.sh
new file mode 100644
index 0000000..d247b2f
--- /dev/null
+++ b/manifests/home-services/ha-gateway-secret.sh
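Review bot: The pod spec in `discord-bot.yaml` sets no `securityContext` and leaves the service-account token mounted, so the process holding `DISCORD_TOKEN` runs as whatever user the image defaults to (possibly root) and carries Kubernetes API credentials it does not appear to need. The fence below adds the usual restrictions at pod and container level; `runAsNonRoot` and `readOnlyRootFilesystem` assume the image has a non-root user and does not write to its root filesystem, which this diff does not show. Separately, `image: gitea.nik4nao.com/nik/discord-bot:latest` is a mutable tag, so the Git revision Argo CD syncs does not determine which image actually runs; a version tag or an `@sha256:<digest>` pin would. The `ha-gateway` Deployment in `ha-gateway.yaml` has the same two gaps.

```yaml
    spec:
      automountServiceAccountToken: false
      # … unchanged: imagePullSecrets …
      containers:
        - name: discord-bot
          # … unchanged: image, env, resources …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
```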
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+# Usage: bash manifests/home-services/ha-gateway-secret.sh
+# Description: Regenerates the ha-gateway SealedSecret from .env
+set -euo pipefail
+
+source "$(dirname "$0")/../../.env"
+
+kubectl create secret generic ha-gateway-secret \
+ --namespace=default \
+ --from-literal=HA_TOKEN="${HA_TOKEN}" \
+ --dry-run=client -o yaml \
+ | kubeseal --controller-namespace=kube-system \
+ --controller-name=sealed-secrets-controller \
+ --format=yaml \
+ > "$(dirname "$0")/ha-gateway-sealed.yaml"
+
+echo "ha-gateway-sealed.yaml regenerated"
\ No newline at end of file
diff --git a/manifests/home-services/ha-gateway.yaml b/manifests/home-services/ha-gateway.yaml
new file mode 100644
index 0000000..4890187
--- /dev/null
+++ b/manifests/home-services/ha-gateway.yaml
@@ -0,0 +1,70 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ha-gateway
+ namespace: default
+ labels:
+ app: ha-gateway
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: ha-gateway
+ template:
+ metadata:
+ labels:
+ app: ha-gateway
+ spec:
+ imagePullSecrets:
+ - name: gitea-registry-secret
+ containers:
+ - name: ha-gateway
+ image: gitea.nik4nao.com/nik/ha-gateway:latest
+ ports:
+ - containerPort: 50051
+ name: grpc
+ env:
+ - name: GRPC_PORT
+ value: "50051"
+ - name: HA_BASE_URL
+ value: "http://ha.home.arpa:8123"
+ - name: HA_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: ha-gateway-secret
+ key: HA_TOKEN
+ - name: OTEL_ENDPOINT
+ value: "otel-collector-opentelemetry-collector.monitoring.svc.cluster.local:4317"
+ readinessProbe:
+ grpc:
+ port: 50051
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ livenessProbe:
+ grpc:
+ port: 50051
+ initialDelaySeconds: 10
+ periodSeconds: 30
+ resources:
+ requests:
+ cpu: 50m
+ memory: 64Mi
+ limits:
+ cpu: 200m
+ memory: 128Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: ha-gateway
+ namespace: default
+ labels:
+ app: ha-gateway
+spec:
+ selector:
+ app: ha-gateway
+ ports:
+ - name: grpc
+ port: 50051
+ targetPort: 50051
+ type: ClusterIP
\ No newline at end of file
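Review bot: The `ha-gateway` Service exposes gRPC port 50051 as a ClusterIP and this change adds no NetworkPolicy, so every pod in the cluster can reach a process that holds `HA_TOKEN`; unless the gateway authenticates its callers (not visible here), any workload can drive Home Assistant through it. A NetworkPolicy that admits only pods labelled `app: discord-bot` on that port, as in the fence below, narrows this, provided the cluster's CNI enforces NetworkPolicy. `HA_BASE_URL` is also `http://ha.home.arpa:8123`, so the token presumably crosses the LAN in cleartext; an `https://` endpoint would be preferable if Home Assistant offers one.

```yaml
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ha-gateway-ingress
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: ha-gateway
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: discord-bot
      ports:
        - protocol: TCP
          port: 50051
```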