feat(hass)!: userns, Litestream, EMQX netpols, cleanup

JJGadgets
2025-01-07 04:49:24 +08:00
parent d29af9db13
commit 2f01ff2ffc


@@ -1,5 +1,5 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/common-3.5.1/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/app-template-3.6.0/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
@@ -10,7 +10,7 @@ spec:
chart:
spec:
chart: app-template
version: "3.5.1"
version: "3.6.0"
sourceRef:
name: bjw-s
kind: HelmRepository
@@ -23,10 +23,12 @@ spec:
pod:
hostname: "home-assistant"
labels:
ingress.home.arpa/nginx-internal: "allow"
ingress.home.arpa/world: "allow"
egress.home.arpa/iot: "allow"
egress.home.arpa/appletv: "allow"
ingress.home.arpa/nginx-internal: allow
ingress.home.arpa/world: allow
egress.home.arpa/iot: allow
egress.home.arpa/appletv: allow
egress.home.arpa/r2: allow
db.home.arpa/emqx: emqx
annotations:
k8s.v1.cni.cncf.io/networks: |
[{
@@ -58,68 +60,102 @@ spec:
requests:
cpu: "10m"
limits:
cpu: "3000m"
cpu: "1"
memory: "1Gi"
probes:
liveness:
enabled: true
readiness:
enabled: true
vscode:
type: deployment
replicas: 0
pod:
labels:
ingress.home.arpa/nginx-internal: "allow"
containers:
main:
litestream: &ls
image:
repository: "ghcr.io/coder/code-server"
tag: "4.95.3@sha256:6d74583d68179cbb6ddadc2518b450d2ac3eaec2d342474fe1941e03371cd2cf"
command: ["dumb-init", "/usr/bin/code-server"]
args:
- "--auth"
- "none"
- "--disable-telemetry"
- "--user-data-dir"
- "/home/coder/.vscode"
- "--extensions-dir"
- "/home/coder/.vscode"
- "--bind-addr"
- "0.0.0.0:8080"
- "--port"
- "8080"
- "/home/coder"
env:
TZ: "${CONFIG_TZ}"
securityContext:
<<: *sc
runAsUser: 1000 # coder
repository: "docker.io/litestream/litestream"
tag: "0.3.13"
args: ["replicate"]
envFrom:
- secretRef:
name: litestream-secrets
env: &lsenv
AGE_PUBKEY:
valueFrom:
secretKeyRef:
name: "litestream-agekey"
key: "AGE_PUBKEY"
securityContext: *sc
resources:
requests:
cpu: "10m"
cpu: 10m
memory: 128Mi
limits:
cpu: "500m" # I previously had a code-server that would eat cores
memory: "1Gi"
probes:
liveness:
enabled: true
readiness:
enabled: true
cpu: "1"
memory: 1024Mi
initContainers:
01-litestream-restore:
<<: *ls
args: ["restore", "-if-db-not-exists", "-if-replica-exists", "-v", "/config/home-assistant_v2.db"]
env:
AGE_SECRET:
valueFrom:
secretKeyRef:
name: "litestream-agekey"
key: "AGE_SECRET"
# vscode:
# type: deployment
# replicas: 0
# pod:
# labels:
# ingress.home.arpa/nginx-internal: "allow"
# containers:
# main:
# image:
# repository: "ghcr.io/coder/code-server"
# tag: "4.95.3@sha256:6d74583d68179cbb6ddadc2518b450d2ac3eaec2d342474fe1941e03371cd2cf"
# command: ["dumb-init", "/usr/bin/code-server"]
# args:
# - "--auth"
# - "none"
# - "--disable-telemetry"
# - "--user-data-dir"
# - "/home/coder/.vscode"
# - "--extensions-dir"
# - "/home/coder/.vscode"
# - "--bind-addr"
# - "0.0.0.0:8080"
# - "--port"
# - "8080"
# - "/home/coder"
# env:
# TZ: "${CONFIG_TZ}"
# securityContext:
# <<: *sc
# runAsUser: 1000 # coder
# resources:
# requests:
# cpu: "10m"
# limits:
# cpu: "500m" # I previously had a code-server that would eat cores
# memory: "1Gi"
# probes:
# liveness:
# enabled: true
# readiness:
# enabled: true
service:
home-assistant:
primary: true
controller: "home-assistant"
ports:
http:
port: 8123
protocol: TCP
appProtocol: http
vscode:
primary: false
controller: "vscode"
ports:
http:
port: 8080
primary: true
# vscode:
# primary: false
# controller: "vscode"
# ports:
# http:
# port: 8080
expose:
primary: false
controller: "home-assistant"
@@ -130,6 +166,7 @@ spec:
homekit:
port: 21061
protocol: TCP
primary: false
ingress:
main:
className: "nginx-internal"
@@ -143,18 +180,18 @@ spec:
port: http
tls: &tls
- hosts: [*host]
vscode:
className: "tailscale"
hosts:
- host: &host "hass-edit.${DNS_TS:=ts.net}"
paths: &paths
- path: /
pathType: Prefix
service:
identifier: vscode
port: http
tls:
- hosts: [*host]
# vscode:
# className: "tailscale"
# hosts:
# - host: &host "hass-edit.${DNS_TS:=ts.net}"
# paths: &paths
# - path: /
# pathType: Prefix
# service:
# identifier: vscode
# port: http
# tls:
# - hosts: [*host]
persistence:
config:
enabled: true
@@ -165,10 +202,10 @@ spec:
- subPath: "config"
path: "/config"
readOnly: false
vscode:
main:
- path: "/home/coder"
readOnly: false
# vscode:
# main:
# - path: "/home/coder"
# readOnly: false
tmp:
enabled: true
type: emptyDir
@@ -177,9 +214,36 @@ spec:
- subPath: "tmp"
path: "/tmp"
readOnly: false
litestream:
enabled: true
type: configMap
name: "headscale-litestream"
globalMounts:
- subPath: "litestream.yml"
path: "/etc/litestream.yml"
readOnly: true
configMaps:
litesteeam:
data:
litestream.yml: |
dbs:
- path: /config/home-assistant_v2.db
replicas:
- name: "r2"
type: "s3"
endpoint: "$${R2_ENDPOINT}"
bucket: "$${R2_BUCKET}"
path: "home-assistant"
force-path-style: true
retention: 168h
# validation-interval: 24h
age:
recipients: ["$${AGE_PUBKEY}"]
identities: ["$${AGE_SECRET}"]
defaultPodOptions:
automountServiceAccountToken: false
enableServiceLinks: false
hostUsers: false
securityContext:
runAsNonRoot: true
runAsUser: 65534
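Review bot: The litestream volume references `name: "headscale-litestream"`, a ConfigMap this release does not create — the one defined under `configMaps:` is keyed `litesteeam` (typo), so under the chart's usual `<release>-<key>` naming it would presumably render as `home-assistant-litesteeam`; unless a `headscale-litestream` ConfigMap already exists in the namespace, the `01-litestream-restore` init container and the `litestream` sidecar will fail to mount `/etc/litestream.yml` and the pod will not start, and if one does exist it would carry another app's db path rather than `/config/home-assistant_v2.db`. Fix the key to `litestream:` and point the volume at the ConfigMap this release renders, e.g. `name: "home-assistant-litestream"` (or the chart's `identifier: litestream` form if this app-template version supports it — confirm against the 3.6.0 schema). Separately, the restore init container's `env:` block replaces the merged `&ls` env wholesale (shallow merge), so `AGE_PUBKEY` is absent there and `AGE_SECRET` is absent in the replicate sidecar while `identities: ["$${AGE_SECRET}"]` is shared by both; that is fine only if litestream tolerates an empty identity on the replicate side — worth confirming. The `&lsenv` anchor is never aliased and can be dropped.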