feat: add Discord and Home Assistant integration with sealed secrets and deployments

Nik Afiq 2026-04-06 21:14:47 +09:00
parent c470c60b4a
commit 53e7e32d5a
8 changed files with 206 additions and 1 deletions


@ -20,8 +20,15 @@ AUTHENTIK_GITEA_CLIENT_ID=your_client_id_here
AUTHENTIK_GITEA_CLIENT_SECRET=your_client_secret_here
AUTHENTIK_GRAFANA_CLIENT_ID=your_client_id_here
AUTHENTIK_GRAFANA_CLIENT_SECRET=your_client_secret_here
AUTHENTIK_ARGOCD_CLIENT_ID=your_client_id_here
AUTHENTIK_ARGOCD_CLIENT_SECRET=your_client_secret_here
# Gitea container registry credentials
REGISTRY_SERVER=your_registry_server_here
REGISTRY_USER=your_username_here
REGISTRY_PASSWORD=your_token_here
# Home Assistant and Discord integration
HA_TOKEN=your_home_assistant_token_here
DISCORD_TOKEN=your_discord_token_here
GUILD_ID=your_discord_guild_id_here


@ -0,0 +1,22 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: home-services
namespace: argocd
labels:
app.kubernetes.io/part-of: argocd
spec:
project: default
source:
repoURL: https://gitea.nik4nao.com/nik/homelab.git
targetRevision: HEAD
path: manifests/home-services
destination:
server: https://kubernetes.default.svc
namespace: default
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=false
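Review bot: `project: default` together with `targetRevision: HEAD` and `automated` sync (`prune: true`, `selfHeal: true`) means every commit on the repository's default branch is applied to the cluster with no further gate. Unless the built-in `default` AppProject has been tightened elsewhere (not visible here), it also permits any source repo, any destination and cluster-scoped resources. A dedicated AppProject whose `sourceRepos` lists only `https://gitea.nik4nao.com/nik/homelab.git` and whose `destinations` lists only the target namespace would bound what `manifests/home-services` can create, referenced here as `project: home-services` (name constructed for this note). Deploying into the `default` namespace also makes RBAC and NetworkPolicy harder to scope per app, so a dedicated namespace is worth considering.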


@ -0,0 +1,14 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
name: discord-bot-secret
namespace: default
spec:
encryptedData:
DISCORD_TOKEN: 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
GUILD_ID: 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
template:
metadata:
name: discord-bot-secret
namespace: default


@ -0,0 +1,18 @@
#!/usr/bin/env bash
# Usage: bash manifests/home-services/discord-bot-secret.sh
# Description: Regenerates the discord-bot SealedSecret from .env
set -euo pipefail
source "$(dirname "$0")/../../.env"
kubectl create secret generic discord-bot-secret \
--namespace=default \
--from-literal=DISCORD_TOKEN="${DISCORD_TOKEN}" \
--from-literal=GUILD_ID="${GUILD_ID}" \
--dry-run=client -o yaml \
| kubeseal --controller-namespace=kube-system \
--controller-name=sealed-secrets-controller \
--format=yaml \
> "$(dirname "$0")/discord-bot-sealed.yaml"
echo "discord-bot-sealed.yaml regenerated — commit to repo"
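Review bot: `--from-literal=DISCORD_TOKEN="${DISCORD_TOKEN}"` places the token on kubectl's command line, where other local users and process-accounting logs can read it while the command runs. Feeding the value through a file descriptor avoids that, e.g. `--from-file=DISCORD_TOKEN=<(printf '%s' "${DISCORD_TOKEN}")`, or use `--from-env-file` with a file holding only the needed keys. Separately, the redirect `> "$(dirname "$0")/discord-bot-sealed.yaml"` truncates the committed manifest before `kubeseal` has produced output, so a failed seal leaves an empty file in the working tree. Writing to `tmp="$(mktemp)"` and finishing with `mv "$tmp" "$(dirname "$0")/discord-bot-sealed.yaml"` keeps the old manifest on failure. Both points apply equally to the `HA_TOKEN` line and redirect in `ha-gateway-secret.sh`.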


@ -0,0 +1,44 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: discord-bot
namespace: default
labels:
app: discord-bot
spec:
replicas: 1
selector:
matchLabels:
app: discord-bot
template:
metadata:
labels:
app: discord-bot
spec:
imagePullSecrets:
- name: gitea-registry-secret
containers:
- name: discord-bot
image: gitea.nik4nao.com/nik/discord-bot:latest
env:
- name: DISCORD_TOKEN
valueFrom:
secretKeyRef:
name: discord-bot-secret
key: DISCORD_TOKEN
- name: GUILD_ID
valueFrom:
secretKeyRef:
name: discord-bot-secret
key: GUILD_ID
- name: HA_GATEWAY_ADDR
value: "ha-gateway.default.svc.cluster.local:50051"
- name: OTEL_ENDPOINT
value: "otel-collector-opentelemetry-collector.monitoring.svc.cluster.local:4317"
resources:
requests:
cpu: 50m
memory: 64Mi
limits:
cpu: 200m
memory: 128Mi
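Review bot: The pod template sets no `securityContext` and leaves the default service-account token mounted, so the container holding `DISCORD_TOKEN` runs with whatever user and capabilities the image defaults to. The env block only shows outbound calls to the HA gateway and the OTEL collector, so the bot presumably does not need the Kubernetes API and the token mount can be dropped; confirm that, and confirm the image runs as non-root with a read-only root filesystem, before applying the settings below. Separately, `image: gitea.nik4nao.com/nik/discord-bot:latest` is a mutable tag, so what runs after a pod restart is not pinned by this commit; a version tag or digest (`discord-bot:<tag-or-digest>`) makes the Argo CD sync reproducible. The same two points apply to the `ha-gateway` Deployment.

```yaml
    spec:
      automountServiceAccountToken: false
      # … unchanged: imagePullSecrets …
      containers:
        - name: discord-bot
          # … unchanged: image, env, resources …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
```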


@ -0,0 +1,13 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
name: ha-gateway-secret
namespace: default
spec:
encryptedData:
HA_TOKEN: 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
template:
metadata:
name: ha-gateway-secret
namespace: default


@ -0,0 +1,17 @@
#!/usr/bin/env bash
# Usage: bash manifests/home-services/ha-gateway-secret.sh
# Description: Regenerates the ha-gateway SealedSecret from .env
set -euo pipefail
source "$(dirname "$0")/../../.env"
kubectl create secret generic ha-gateway-secret \
--namespace=default \
--from-literal=HA_TOKEN="${HA_TOKEN}" \
--dry-run=client -o yaml \
| kubeseal --controller-namespace=kube-system \
--controller-name=sealed-secrets-controller \
--format=yaml \
> "$(dirname "$0")/ha-gateway-sealed.yaml"
echo "ha-gateway-sealed.yaml regenerated"


@ -0,0 +1,70 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: ha-gateway
namespace: default
labels:
app: ha-gateway
spec:
replicas: 1
selector:
matchLabels:
app: ha-gateway
template:
metadata:
labels:
app: ha-gateway
spec:
imagePullSecrets:
- name: gitea-registry-secret
containers:
- name: ha-gateway
image: gitea.nik4nao.com/nik/ha-gateway:latest
ports:
- containerPort: 50051
name: grpc
env:
- name: GRPC_PORT
value: "50051"
- name: HA_BASE_URL
value: "http://ha.home.arpa:8123"
- name: HA_TOKEN
valueFrom:
secretKeyRef:
name: ha-gateway-secret
key: HA_TOKEN
- name: OTEL_ENDPOINT
value: "otel-collector-opentelemetry-collector.monitoring.svc.cluster.local:4317"
readinessProbe:
grpc:
port: 50051
initialDelaySeconds: 5
periodSeconds: 10
livenessProbe:
grpc:
port: 50051
initialDelaySeconds: 10
periodSeconds: 30
resources:
requests:
cpu: 50m
memory: 64Mi
limits:
cpu: 200m
memory: 128Mi
---
apiVersion: v1
kind: Service
metadata:
name: ha-gateway
namespace: default
labels:
app: ha-gateway
spec:
selector:
app: ha-gateway
ports:
- name: grpc
port: 50051
targetPort: 50051
type: ClusterIP
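Review bot: The `ha-gateway` Service exposes gRPC port 50051 to every pod in the cluster, and this file shows neither caller authentication nor a NetworkPolicy. Any workload that can reach the Service can therefore presumably drive Home Assistant with the gateway's `HA_TOKEN`. A NetworkPolicy admitting only `app: discord-bot` pods on 50051 narrows that; it needs a CNI that enforces NetworkPolicy, and the kubelet gRPC probes should be checked once it is in place. `HA_BASE_URL` is `http://ha.home.arpa:8123`, so the long-lived token presumably crosses the LAN in cleartext on every request; point the gateway at an HTTPS endpoint for Home Assistant if one is available.

```yaml
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ha-gateway-ingress  # name constructed for this note
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: ha-gateway
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: discord-bot
      ports:
        - protocol: TCP
          port: 50051
```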