bump ha after cluster rebirth

rssnyder · Dec 30, 2024 · bdb84c2 · bdb84c2
1 parent 76e8979
commit bdb84c2
Show file tree

Hide file tree

Showing 11 changed files with 182 additions and 108 deletions.
diff --git a/k8s/debug.yaml b/k8s/debug.yaml
@@ -29,4 +29,4 @@ spec:
       volumes:
       - name: config
         persistentVolumeClaim:
-          claimName: doubletake
+          claimName: config
diff --git a/k8s/homeassistant/homeassistant.yaml b/k8s/homeassistant/homeassistant.yaml
@@ -23,7 +23,7 @@ spec:
       hostNetwork: true
       containers:
       - name: home-assistant
-        image: ghcr.io/home-assistant/home-assistant:2024.11
+        image: ghcr.io/home-assistant/home-assistant:2024.12
         imagePullPolicy: Always
         env:
         - name: TZ

diff --git a/k8s/manifests/oc/example.yaml b/k8s/manifests/oc/example.yaml
@@ -0,0 +1,73 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: example
+
+---
+# get some persistance storage
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: example
+  namespace: example
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: longhorn
+  resources:
+    requests:
+      storage: 1M
+
+---
+# run some container in the cluster
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: example
+  namespace: example
+spec:
+  selector:
+    matchLabels:
+      app: example
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: example
+    spec:
+      containers:
+      - name: whoami
+        image: traefik/whoami
+        env:
+        - name: EXAMPLE
+          value: something
+        ports:
+        - name: web
+          containerPort: 80
+        volumeMounts:
+        - name: storage
+          mountPath: /mnt/storage
+      volumes:
+      - name: storage
+        persistentVolumeClaim:
+          claimName: example
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: example
+  namespace: example
+  annotations:
+    # add service to tailnet with dns name
+    tailscale.com/expose: "true"
+    tailscale.com/hostname: "oc-example"
+spec:
+  type: ClusterIP
+  selector:
+    app: example
+  ports:
+  - name: http
+    port: 8080
+    targetPort: web
+
diff --git a/k8s/reddit-alerts/buildapcsales.yaml b/k8s/reddit-alerts/buildapcsales.yaml
@@ -9,7 +9,7 @@ metadata:
 data:
   SUBREDDIT: "buildapcsales"
   DB: "/db/buildapcsales.json"
-  POST_TEXT: "dualup;Terramaster;n100"
+  POST_TEXT: "dualup;n100;LN1301;keyboard"
 
 ---
 apiVersion: apps/v1
@@ -29,7 +29,7 @@ spec:
     spec:
       containers:
       - name: buildapcsales
-        image: ghcr.io/rssnyder/discord-reddit-posts:0.0.1-beta.4
+        image: ghcr.io/rssnyder/discord-reddit-posts:master
         imagePullPolicy: IfNotPresent
         envFrom:
         - configMapRef:

diff --git a/playbooks/backup.yml b/playbooks/backup.yml
@@ -5,16 +5,22 @@
 
   tasks:
 
-    # - name: backup google drive to bucket
-    #   shell:
-    #     cmd: |
-    #       rclone copy riley: /bucket/backup/drive/
+    - name: backup google drive to bucket
+      shell:
+        cmd: |
+          rclone copy riley: /bucket/backup/drive/
     
-    # - name: backup bucket to gdrive
-    #   shell:
-    #     cmd: rclone copy /bucket/{{ item }}    crypt:bucket/{{ item }}
-    #   loop:
-    #   - backup
+    - name: backup bucket to gdrive
+      shell:
+        cmd: rclone copy /bucket/{{ item }}    crypt:bucket/{{ item }}
+      loop:
+      - backup
+
+    - name: backup scratch to gdrive
+      shell:
+        cmd: rclone copy /scratch/{{ item }}    crypt:scratch/{{ item }}
+      loop:
+      - youtue
 
     - name: backup bucket to zaius
       shell:
@@ -25,5 +31,5 @@
       - media/books
       - media/cds
       - media/music
-      # - media/syndicated
+      - media/syndicated
       - media/cc
diff --git a/playbooks/k3s.yml b/playbooks/k3s.yml
@@ -24,5 +24,5 @@
         src: "{{ item }}"
         dest: /var/lib/rancher/k3s/server/manifests/{{ item | basename | regex_replace('\.j2$', '') }}
       with_fileglob:
-        - "../k8s/manifests{{ cluster_context }}/*.yaml"
-
+        - "../k8s/manifests/{{ cluster_context }}/*.yaml"
+
diff --git a/playbooks/nix.yml b/playbooks/nix.yml
@@ -4,12 +4,14 @@
   become: yes
   tasks:
 
-    - name: copy config file
-      copy: 
-        src: "templates/{{ ansible_hostname }}/configuration.nix"
-        dest: "/etc/nixos/configuration.nix"
+    - name: baseline
+      template:
+        src: "{{ item }}"
+        dest: /etc/nixos/{{ item | basename | regex_replace('\.j2$', '') }}
         owner: root
         group: root
+      with_fileglob:
+        - "templates/{{ ansible_hostname }}/*.nix"
 
     - name: rebuild
-      shell: nixos-rebuild switch
+      shell: nixos-rebuild test
diff --git a/playbooks/templates/hurley/Caddyfile.j2 b/playbooks/templates/hurley/Caddyfile.j2
@@ -102,7 +102,7 @@ books.rileysnyder.dev {
 }
 
 registry.rileysnyder.dev {
-    reverse_proxy 192.168.254.2
+    reverse_proxy oc-example.corvus-salmon.ts.net:8080
 }
 
 auth.rileysnyder.dev {

diff --git a/playbooks/templates/hurley/homer.yml b/playbooks/templates/hurley/homer.yml
@@ -73,11 +73,11 @@ services:
     items:
       - name: "Plex"
         logo: "assets/homer-icons/png/plex.png"
-        url: "http://t480-1.corvus-salmon.ts.net:32400"
+        url: "http://plex.corvus-salmon.ts.net:32400"
         target: '_top'
       - name: "Tautulli"
         logo: "assets/homer-icons/png/tautulli.png"
-        url: "http://t480-1.corvus-salmon.ts.net:8181/home"
+        url: "http://plex.corvus-salmon.ts.net:8181/home"
         target: '_top'
       - name: "qBittorrent"
         logo: "assets/homer-icons/png/qbittorrent.png"

diff --git a/playbooks/templates/t480-0/configuration.nix b/playbooks/templates/t480-0/configuration.nix
@@ -4,6 +4,7 @@
   imports =
     [
       ./hardware-configuration.nix
+      ./riley.nix
       (fetchTarball "https://github.com/nix-community/nixos-vscode-server/tarball/master")
     ];
 
@@ -39,65 +40,13 @@
     variant = "";
   };
 
-  users.users.riley = {
-    isNormalUser = true;
-    description = "riley";
-    extraGroups = [
-      "networkmanager"
-      "wheel"
-      "docker"
-    ];
-    packages = with pkgs; [
-      zsh
-      htop
-      kubectl
-      ansible
-      opentofu
-      python312
-      oh-my-zsh
-      zsh-completions
-      zsh-syntax-highlighting
-      zsh-history-substring-search
-    ];
-    openssh.authorizedKeys.keys = [
-      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC0eYIj1qScmuGmXxYgu54r7s99s5chsjqFwZ/Vwamu5HLb0AmcgCdDaUkHX7YpGTcbafVTHJXVx/V8JKzu2jiztoXZy52JbIpYbkZNgo+aLwB9Sj3XZXFEjarG+P6/iqNNMPIGhLvGOH61keyYoA8cUOhcBUODZWMssK8L2mQxcTNATzC5mv67H6IDiowcFnRV3CKe2VvsVdOLjAjJzQ1xBUpVENyIFohyV+7kmFI5dODct6UdhHjYfW9YA1qlQYfV+S8vU20jcmXcHF+M6x4i1D6kDb5Ig8/5B/Ym1dHFIjcFnBezF2CIT5tsUc4vqfY0DtdVqt9rHFS/swiNZl3GaG4pMF5ooG4RIkb16oFTwBhsEHMzjzG+Pqaqt8UAHC7MXbY6fQxUts8SZUSal7ydoMw3mOKFCtOog517PkqgGUJt2UNsur0R204Vgxlqx3xTkYbW7VKdglr4MrLjglCM1bT6+cnrP+h2FiWAlXpMXmS4ymsWlrkucmyX0hmLWAk= riley@hurley"
-      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC6skgzhanZcBCP4yk9lUeoq+RPC3iq4iHeStJ8eRA8EPk1/XmPjMEVv+wno6RarjYAruk7iUsXBFRcPUC5pCGE/KNhXFl45NOc7Z/1zsKFxBhyzbwXLusewSrCCSCtkJ88I/60QaSN/JSVqu5oFt9o+Y6YwsNMfkcie0xXm0DDUBlcsk4smjBTKuTJlJXurXxKbwBbph8fvZJJpx67cQhaJ27WcCJv31BT/MaIm6+/rdjCYbapVrMvQ4+CZjgrf418r3nHGJhLoovCljQsMtj6add/QsTRkMDjN+5am2GJcfDGC3luWL6bPiWCMgXnrQpAcCov7X/JbxsdvwTePGAyx2hEJwzBFBArOXD5dW3M5gqQIqfHnZLNcmOI1kpYaZI8BohfuvDCS1Y74cxD88w5YoiOWQ0dugzO5JuDLxtvtyoaUJmfdIIiT2xeTYEidJ+JQLnxp+ilwWrXhW6iJ0V+ozu6NRbdxZc6f95fKOh5tgtmMqUv9OZ1Ds15pRRnl7E= riley snyder@DESKTOP-5CDKR1F"
-    ];
-  };
-
-  security.sudo.extraRules= [
-    {  users = [ "riley" ];
-      commands = [
-        { command = "ALL" ;
-          options= [ "NOPASSWD" ];
-        }
-      ];
-    }
-  ];
-
   programs.firefox.enable = true;
 
-  environment.systemPackages  = with pkgs; [
-    vim
-    git
-    unzip
-    screen
-    gnumake
-    tailscale
-    smartmontools
-    github-runner
-  ];
-
-  services.openssh.enable = true;
-
   networking.firewall.allowedTCPPorts = [
-    22
     6969
     9090
   ];
 
-  virtualisation.docker.enable = true;
-
   services.logind.lidSwitch = "ignore";
 
   services.vscode-server.enable = true;
@@ -111,10 +60,7 @@
     };
   };
 
-  services.tailscale.enable = true;
-  services.tailscale.port = 41641;
   networking.firewall.allowedUDPPorts = [
-    41641
     6969
   ];
 
@@ -123,24 +69,6 @@
         enable = true;
       };
       oci-containers.containers = {
-        # prometheus = {
-        #   image = "prom/prometheus";
-        #   ports = [
-        #     "9090:9090"
-        #   ];
-        #   cmd = [
-        #     "--config.file=/etc/prometheus/prometheus.yml"
-        #     "--web.enable-admin-api"
-        #     "--web.enable-lifecycle"
-        #     "--storage.tsdb.path=/prometheus"
-        #     "--web.console.libraries=/usr/share/prometheus/console_libraries"
-        #     "--web.console.templates=/usr/share/prometheus/consoles"
-        #     "--web.enable-remote-write-receiver"
-        #   ];
-        #   volumes = [
-        #     "/home/riley/appdata/prometheus.yml:/etc/prometheus/prometheus.yml"
-        #   ];
-        # };
         prometheus-node-exporter-textfiles = {
           image = "quay.io/galexrt/node-exporter-textfiles:v20220922-124518-926";
           environment = {
@@ -184,7 +112,6 @@
     pushgateway.enable = true;
     extraFlags = [
       "--web.enable-remote-write-receiver"
-      # "--web.enable-lifecycle"
     ];
     exporters = {
       node = {
@@ -200,16 +127,6 @@
       };
     };
   };
-
-  fileSystems."/mnt/scratch" = {
-    device = "192.168.2.6:/scratch";
-    fsType = "nfs";
-  };
-
-  fileSystems."/mnt/bucket" = {
-    device = "192.168.2.6:/bucket";
-    fsType = "nfs";
-  };
 
   services.code-server = {
     enable = true;