Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 75db626903 |
@@ -42,6 +42,7 @@ ArgoCD homelab project
|
|||||||
|
|
||||||
| Application | Status |
|
| Application | Status |
|
||||||
| :--- | :---: |
|
| :--- | :---: |
|
||||||
|
| **amnezia** | [](https://ag.hexor.cy/applications/argocd/amnezia) |
|
||||||
| **comfyui** | [](https://ag.hexor.cy/applications/argocd/comfyui) |
|
| **comfyui** | [](https://ag.hexor.cy/applications/argocd/comfyui) |
|
||||||
| **furumi** | [](https://ag.hexor.cy/applications/argocd/furumi) |
|
| **furumi** | [](https://ag.hexor.cy/applications/argocd/furumi) |
|
||||||
| **gitea** | [](https://ag.hexor.cy/applications/argocd/gitea) |
|
| **gitea** | [](https://ag.hexor.cy/applications/argocd/gitea) |
|
||||||
@@ -53,6 +54,7 @@ ArgoCD homelab project
|
|||||||
| **k8s-secrets** | [](https://ag.hexor.cy/applications/argocd/k8s-secrets) |
|
| **k8s-secrets** | [](https://ag.hexor.cy/applications/argocd/k8s-secrets) |
|
||||||
| **khm** | [](https://ag.hexor.cy/applications/argocd/khm) |
|
| **khm** | [](https://ag.hexor.cy/applications/argocd/khm) |
|
||||||
| **lidarr** | [](https://ag.hexor.cy/applications/argocd/lidarr) |
|
| **lidarr** | [](https://ag.hexor.cy/applications/argocd/lidarr) |
|
||||||
|
| **llamacpp** | [](https://ag.hexor.cy/applications/argocd/llamacpp) |
|
||||||
| **matrix** | [](https://ag.hexor.cy/applications/argocd/matrix) |
|
| **matrix** | [](https://ag.hexor.cy/applications/argocd/matrix) |
|
||||||
| **mtproxy** | [](https://ag.hexor.cy/applications/argocd/mtproxy) |
|
| **mtproxy** | [](https://ag.hexor.cy/applications/argocd/mtproxy) |
|
||||||
| **n8n** | [](https://ag.hexor.cy/applications/argocd/n8n) |
|
| **n8n** | [](https://ag.hexor.cy/applications/argocd/n8n) |
|
||||||
|
|||||||
@@ -126,7 +126,7 @@ data:
|
|||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
SERVER_CONFIG="/etc/amnezia/server/awg0.conf"
|
SERVER_CONFIG="/etc/amnezia/server/awg0.conf"
|
||||||
CLIENTS_DIR="${AMNEZIAWG_CLIENTS_DIR:-/run/amnezia/clients}"
|
CLIENTS_DIR="/etc/amnezia/clients"
|
||||||
RUNTIME_CONFIG="/run/amnezia/awg0.conf"
|
RUNTIME_CONFIG="/run/amnezia/awg0.conf"
|
||||||
SYNC_CONFIG="/run/amnezia/awg0.sync.conf"
|
SYNC_CONFIG="/run/amnezia/awg0.sync.conf"
|
||||||
STATUS_FILE="/run/amnezia/reload-status"
|
STATUS_FILE="/run/amnezia/reload-status"
|
||||||
@@ -229,62 +229,6 @@ data:
|
|||||||
write_reload_status applied "${initial_hash}"
|
write_reload_status applied "${initial_hash}"
|
||||||
watch_client_config "${initial_hash}"
|
watch_client_config "${initial_hash}"
|
||||||
|
|
||||||
client-secret-sync.sh: |
|
|
||||||
#!/usr/bin/env bash
|
|
||||||
set -euo pipefail
|
|
||||||
|
|
||||||
CLIENT_SECRET="${AMNEZIAWG_CLIENT_SECRET:-amneziawg-clients}"
|
|
||||||
CLIENT_SECRET_KEY="${AMNEZIAWG_CLIENT_SECRET_KEY:-peers.conf}"
|
|
||||||
CLIENTS_DIR="${AMNEZIAWG_CLIENTS_DIR:-/run/amnezia/clients}"
|
|
||||||
PEERS_FILE="${CLIENTS_DIR}/peers.conf"
|
|
||||||
SYNC_INTERVAL="${AMNEZIAWG_CLIENT_SECRET_SYNC_INTERVAL:-5}"
|
|
||||||
NAMESPACE="${POD_NAMESPACE:-$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)}"
|
|
||||||
|
|
||||||
write_empty_once() {
|
|
||||||
mkdir -p "${CLIENTS_DIR}"
|
|
||||||
if [ ! -f "${PEERS_FILE}" ]; then
|
|
||||||
: > "${PEERS_FILE}"
|
|
||||||
chmod 0600 "${PEERS_FILE}"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
sync_once() {
|
|
||||||
mkdir -p "${CLIENTS_DIR}"
|
|
||||||
local tmp_file="${PEERS_FILE}.tmp"
|
|
||||||
local encoded=""
|
|
||||||
|
|
||||||
if ! encoded="$(kubectl get secret "${CLIENT_SECRET}" -n "${NAMESPACE}" -o "go-template={{ index .data \"${CLIENT_SECRET_KEY}\" }}" 2>/dev/null)"; then
|
|
||||||
echo "WARN: failed to read Secret ${NAMESPACE}/${CLIENT_SECRET}; keeping current peers" >&2
|
|
||||||
write_empty_once
|
|
||||||
return 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -n "${encoded}" ]; then
|
|
||||||
printf '%s' "${encoded}" | base64 -d > "${tmp_file}"
|
|
||||||
else
|
|
||||||
: > "${tmp_file}"
|
|
||||||
fi
|
|
||||||
chmod 0600 "${tmp_file}"
|
|
||||||
|
|
||||||
if [ -f "${PEERS_FILE}" ] && cmp -s "${tmp_file}" "${PEERS_FILE}"; then
|
|
||||||
rm -f "${tmp_file}"
|
|
||||||
return 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
mv "${tmp_file}" "${PEERS_FILE}"
|
|
||||||
echo "Synced AmneziaWG client peers from Secret ${NAMESPACE}/${CLIENT_SECRET}:${CLIENT_SECRET_KEY}"
|
|
||||||
}
|
|
||||||
|
|
||||||
if [ "${1:-}" = "once" ]; then
|
|
||||||
sync_once
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
while true; do
|
|
||||||
sync_once || true
|
|
||||||
sleep "${SYNC_INTERVAL}"
|
|
||||||
done
|
|
||||||
|
|
||||||
status-patch.sh: |
|
status-patch.sh: |
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|||||||
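Review bot: `CLIENTS_DIR="/etc/amnezia/clients"` now points at a Secret volume that the Deployment declares with `optional: true`, so the directory can be empty, whereas the removed `client-secret-sync.sh` always left an empty `peers.conf` behind via `write_empty_once`. The script runs under `set -euo pipefail` and the code that reads from `CLIENTS_DIR` lies outside this hunk, so it is worth confirming that a missing peers file is treated as "no clients" rather than aborting the reload loop. A comment on the assignment would record the new contract, for example `# read-only Secret mount (amneziawg-clients, optional): may be empty until the Secret exists`. The hard-coded path also drops the `AMNEZIAWG_CLIENTS_DIR` override; whether anything still sets that variable is not visible here.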
@@ -6,9 +6,8 @@ metadata:
|
|||||||
labels:
|
labels:
|
||||||
app: amneziawg
|
app: amneziawg
|
||||||
annotations:
|
annotations:
|
||||||
reloader.stakater.com/auto: "false"
|
|
||||||
secret.reloader.stakater.com/reload: "amneziawg-server"
|
secret.reloader.stakater.com/reload: "amneziawg-server"
|
||||||
configmap.reloader.stakater.com/reload: "amneziawg-scripts,amneziawg-exporter-redis"
|
configmap.reloader.stakater.com/reload: "amneziawg-scripts"
|
||||||
spec:
|
spec:
|
||||||
selector:
|
selector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
@@ -37,9 +36,7 @@ spec:
|
|||||||
- |
|
- |
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
cp /usr/bin/awg /shared-bin/awg
|
cp /usr/bin/awg /shared-bin/awg
|
||||||
cp /lib/ld-musl-x86_64.so.1 /shared-bin/ld-musl-x86_64.so.1
|
chmod 0755 /shared-bin/awg
|
||||||
cp /lib/ld-musl-x86_64.so.1 /shared-bin/libc.musl-x86_64.so.1
|
|
||||||
chmod 0755 /shared-bin/awg /shared-bin/ld-musl-x86_64.so.1 /shared-bin/libc.musl-x86_64.so.1
|
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: awg-bin
|
- name: awg-bin
|
||||||
mountPath: /shared-bin
|
mountPath: /shared-bin
|
||||||
@@ -81,26 +78,6 @@ spec:
|
|||||||
kubectl create secret generic amneziawg-endpoints -n "${NAMESPACE}" \
|
kubectl create secret generic amneziawg-endpoints -n "${NAMESPACE}" \
|
||||||
--from-literal="${NODE_NAME}=${VALUE}"
|
--from-literal="${NODE_NAME}=${VALUE}"
|
||||||
fi
|
fi
|
||||||
- name: sync-client-secret
|
|
||||||
image: bitnami/kubectl:latest
|
|
||||||
imagePullPolicy: IfNotPresent
|
|
||||||
command:
|
|
||||||
- /bin/bash
|
|
||||||
- /scripts/client-secret-sync.sh
|
|
||||||
- once
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
memory: "32Mi"
|
|
||||||
cpu: "10m"
|
|
||||||
limits:
|
|
||||||
memory: "128Mi"
|
|
||||||
cpu: "100m"
|
|
||||||
volumeMounts:
|
|
||||||
- name: scripts
|
|
||||||
mountPath: /scripts
|
|
||||||
readOnly: true
|
|
||||||
- name: runtime-config
|
|
||||||
mountPath: /run/amnezia
|
|
||||||
containers:
|
containers:
|
||||||
- name: amneziawg
|
- name: amneziawg
|
||||||
image: amneziavpn/amneziawg-go:latest
|
image: amneziavpn/amneziawg-go:latest
|
||||||
@@ -149,6 +126,9 @@ spec:
|
|||||||
- name: server-config
|
- name: server-config
|
||||||
mountPath: /etc/amnezia/server
|
mountPath: /etc/amnezia/server
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- name: client-config
|
||||||
|
mountPath: /etc/amnezia/clients
|
||||||
|
readOnly: true
|
||||||
- name: scripts
|
- name: scripts
|
||||||
mountPath: /scripts
|
mountPath: /scripts
|
||||||
readOnly: true
|
readOnly: true
|
||||||
@@ -180,25 +160,6 @@ spec:
|
|||||||
readOnly: true
|
readOnly: true
|
||||||
- name: runtime-config
|
- name: runtime-config
|
||||||
mountPath: /run/amnezia
|
mountPath: /run/amnezia
|
||||||
- name: client-secret-sync
|
|
||||||
image: bitnami/kubectl:latest
|
|
||||||
imagePullPolicy: IfNotPresent
|
|
||||||
command:
|
|
||||||
- /bin/bash
|
|
||||||
- /scripts/client-secret-sync.sh
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
memory: "32Mi"
|
|
||||||
cpu: "10m"
|
|
||||||
limits:
|
|
||||||
memory: "128Mi"
|
|
||||||
cpu: "100m"
|
|
||||||
volumeMounts:
|
|
||||||
- name: scripts
|
|
||||||
mountPath: /scripts
|
|
||||||
readOnly: true
|
|
||||||
- name: runtime-config
|
|
||||||
mountPath: /run/amnezia
|
|
||||||
- name: amneziawg-exporter-redis
|
- name: amneziawg-exporter-redis
|
||||||
image: redis:alpine
|
image: redis:alpine
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
@@ -250,14 +211,6 @@ spec:
|
|||||||
mountPath: /usr/bin/awg
|
mountPath: /usr/bin/awg
|
||||||
subPath: awg
|
subPath: awg
|
||||||
readOnly: true
|
readOnly: true
|
||||||
- name: awg-bin
|
|
||||||
mountPath: /lib/ld-musl-x86_64.so.1
|
|
||||||
subPath: ld-musl-x86_64.so.1
|
|
||||||
readOnly: true
|
|
||||||
- name: awg-bin
|
|
||||||
mountPath: /lib/libc.musl-x86_64.so.1
|
|
||||||
subPath: libc.musl-x86_64.so.1
|
|
||||||
readOnly: true
|
|
||||||
volumes:
|
volumes:
|
||||||
- name: server-config
|
- name: server-config
|
||||||
secret:
|
secret:
|
||||||
@@ -266,6 +219,11 @@ spec:
|
|||||||
items:
|
items:
|
||||||
- key: awg0.conf
|
- key: awg0.conf
|
||||||
path: awg0.conf
|
path: awg0.conf
|
||||||
|
- name: client-config
|
||||||
|
secret:
|
||||||
|
secretName: amneziawg-clients
|
||||||
|
optional: true
|
||||||
|
defaultMode: 0600
|
||||||
- name: scripts
|
- name: scripts
|
||||||
configMap:
|
configMap:
|
||||||
name: amneziawg-scripts
|
name: amneziawg-scripts
|
||||||
|
|||||||
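Review bot: The `configmap.reloader.stakater.com/reload` annotation now lists only `amneziawg-scripts`, so an edit to the ConfigMap that the old value also named, `amneziawg-exporter-redis`, would no longer roll the pod. If that ConfigMap is the one carrying `redis.conf` (its name is not visible on this page), a later correction to the Redis settings would sit unapplied until the Deployment is restarted by hand; keeping `configmap.reloader.stakater.com/reload: "amneziawg-scripts,amneziawg-exporter-redis"` avoids that. Separately, with both `client-secret-sync` containers gone and `amneziawg-clients` mounted as a volume, any Role rule that let the pod's service account `get` that Secret looks unneeded. The RBAC is outside this diff, so that is something to check rather than a confirmed leftover.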
@@ -8,8 +8,8 @@ metadata:
|
|||||||
component: exporter
|
component: exporter
|
||||||
data:
|
data:
|
||||||
redis.conf: |
|
redis.conf: |
|
||||||
bind 127.0.0.1
|
bind 0.0.0.0
|
||||||
protected-mode yes
|
protected-mode no
|
||||||
port 6379
|
port 6379
|
||||||
tcp-backlog 511
|
tcp-backlog 511
|
||||||
timeout 0
|
timeout 0
|
||||||
@@ -21,12 +21,8 @@ data:
|
|||||||
databases 16
|
databases 16
|
||||||
always-show-logo no
|
always-show-logo no
|
||||||
set-proc-title no
|
set-proc-title no
|
||||||
save ""
|
save 3600 1
|
||||||
appendonly no
|
|
||||||
stop-writes-on-bgsave-error no
|
stop-writes-on-bgsave-error no
|
||||||
rdbcompression yes
|
rdbcompression yes
|
||||||
rdbchecksum yes
|
rdbchecksum yes
|
||||||
dir /data
|
dir /data
|
||||||
rename-command CONFIG ""
|
|
||||||
rename-command SAVE ""
|
|
||||||
rename-command BGSAVE ""
|
|
||||||
|
|||||||
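Review bot: The new `redis.conf` has Redis listening on every interface with `bind 0.0.0.0` and `protected-mode no`, and no `requirepass` or ACL line is visible in these hunks, so unless a NetworkPolicy outside this diff restricts it, any workload that can reach the pod IP on 6379 gets an unauthenticated connection. Reading the first-printed line of each pair as the old side (the 12-to-8 line counts of the second hunk fit only that reading), the commit also drops `rename-command CONFIG ""`, `SAVE` and `BGSAVE` and turns snapshots back on with `save 3600 1`, which gives any connected client runtime reconfiguration and disk writes under `/data` again. The Deployment lists this Redis as the container `amneziawg-exporter-redis`, so if the exporter runs in the same pod and is its only client, `bind 127.0.0.1` with `protected-mode yes` should still serve it; if remote access is intended, set `requirepass` from a Secret and keep the `rename-command` lines. Both hunks start and end inside the `redis.conf` block, so settings outside them are not visible.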