Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 Gitea Actions Bot
|
75db626903 |
@@ -42,6 +42,7 @@ ArgoCD homelab project
|
||||
|
||||
| Application | Status |
|
||||
| :--- | :---: |
|
||||
| **amnezia** | [](https://ag.hexor.cy/applications/argocd/amnezia) |
|
||||
| **comfyui** | [](https://ag.hexor.cy/applications/argocd/comfyui) |
|
||||
| **furumi** | [](https://ag.hexor.cy/applications/argocd/furumi) |
|
||||
| **gitea** | [](https://ag.hexor.cy/applications/argocd/gitea) |
|
||||
@@ -53,6 +54,7 @@ ArgoCD homelab project
|
||||
| **k8s-secrets** | [](https://ag.hexor.cy/applications/argocd/k8s-secrets) |
|
||||
| **khm** | [](https://ag.hexor.cy/applications/argocd/khm) |
|
||||
| **lidarr** | [](https://ag.hexor.cy/applications/argocd/lidarr) |
|
||||
| **llamacpp** | [](https://ag.hexor.cy/applications/argocd/llamacpp) |
|
||||
| **matrix** | [](https://ag.hexor.cy/applications/argocd/matrix) |
|
||||
| **mtproxy** | [](https://ag.hexor.cy/applications/argocd/mtproxy) |
|
||||
| **n8n** | [](https://ag.hexor.cy/applications/argocd/n8n) |
|
||||
|
||||
@@ -126,7 +126,7 @@ data:
|
||||
set -euo pipefail
|
||||
|
||||
SERVER_CONFIG="/etc/amnezia/server/awg0.conf"
|
||||
CLIENTS_DIR="${AMNEZIAWG_CLIENTS_DIR:-/run/amnezia/clients}"
|
||||
CLIENTS_DIR="/etc/amnezia/clients"
|
||||
RUNTIME_CONFIG="/run/amnezia/awg0.conf"
|
||||
SYNC_CONFIG="/run/amnezia/awg0.sync.conf"
|
||||
STATUS_FILE="/run/amnezia/reload-status"
|
||||
@@ -229,62 +229,6 @@ data:
|
||||
write_reload_status applied "${initial_hash}"
|
||||
watch_client_config "${initial_hash}"
|
||||
|
||||
client-secret-sync.sh: |
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
CLIENT_SECRET="${AMNEZIAWG_CLIENT_SECRET:-amneziawg-clients}"
|
||||
CLIENT_SECRET_KEY="${AMNEZIAWG_CLIENT_SECRET_KEY:-peers.conf}"
|
||||
CLIENTS_DIR="${AMNEZIAWG_CLIENTS_DIR:-/run/amnezia/clients}"
|
||||
PEERS_FILE="${CLIENTS_DIR}/peers.conf"
|
||||
SYNC_INTERVAL="${AMNEZIAWG_CLIENT_SECRET_SYNC_INTERVAL:-5}"
|
||||
NAMESPACE="${POD_NAMESPACE:-$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)}"
|
||||
|
||||
write_empty_once() {
|
||||
mkdir -p "${CLIENTS_DIR}"
|
||||
if [ ! -f "${PEERS_FILE}" ]; then
|
||||
: > "${PEERS_FILE}"
|
||||
chmod 0600 "${PEERS_FILE}"
|
||||
fi
|
||||
}
|
||||
|
||||
sync_once() {
|
||||
mkdir -p "${CLIENTS_DIR}"
|
||||
local tmp_file="${PEERS_FILE}.tmp"
|
||||
local encoded=""
|
||||
|
||||
if ! encoded="$(kubectl get secret "${CLIENT_SECRET}" -n "${NAMESPACE}" -o "go-template={{ index .data \"${CLIENT_SECRET_KEY}\" }}" 2>/dev/null)"; then
|
||||
echo "WARN: failed to read Secret ${NAMESPACE}/${CLIENT_SECRET}; keeping current peers" >&2
|
||||
write_empty_once
|
||||
return 0
|
||||
fi
|
||||
|
||||
if [ -n "${encoded}" ]; then
|
||||
printf '%s' "${encoded}" | base64 -d > "${tmp_file}"
|
||||
else
|
||||
: > "${tmp_file}"
|
||||
fi
|
||||
chmod 0600 "${tmp_file}"
|
||||
|
||||
if [ -f "${PEERS_FILE}" ] && cmp -s "${tmp_file}" "${PEERS_FILE}"; then
|
||||
rm -f "${tmp_file}"
|
||||
return 0
|
||||
fi
|
||||
|
||||
mv "${tmp_file}" "${PEERS_FILE}"
|
||||
echo "Synced AmneziaWG client peers from Secret ${NAMESPACE}/${CLIENT_SECRET}:${CLIENT_SECRET_KEY}"
|
||||
}
|
||||
|
||||
if [ "${1:-}" = "once" ]; then
|
||||
sync_once
|
||||
exit 0
|
||||
fi
|
||||
|
||||
while true; do
|
||||
sync_once || true
|
||||
sleep "${SYNC_INTERVAL}"
|
||||
done
|
||||
|
||||
status-patch.sh: |
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
@@ -6,7 +6,6 @@ metadata:
|
||||
labels:
|
||||
app: amneziawg
|
||||
annotations:
|
||||
reloader.stakater.com/auto: "false"
|
||||
secret.reloader.stakater.com/reload: "amneziawg-server"
|
||||
configmap.reloader.stakater.com/reload: "amneziawg-scripts"
|
||||
spec:
|
||||
@@ -79,26 +78,6 @@ spec:
|
||||
kubectl create secret generic amneziawg-endpoints -n "${NAMESPACE}" \
|
||||
--from-literal="${NODE_NAME}=${VALUE}"
|
||||
fi
|
||||
- name: sync-client-secret
|
||||
image: bitnami/kubectl:latest
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/bash
|
||||
- /scripts/client-secret-sync.sh
|
||||
- once
|
||||
resources:
|
||||
requests:
|
||||
memory: "32Mi"
|
||||
cpu: "10m"
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
volumeMounts:
|
||||
- name: scripts
|
||||
mountPath: /scripts
|
||||
readOnly: true
|
||||
- name: runtime-config
|
||||
mountPath: /run/amnezia
|
||||
containers:
|
||||
- name: amneziawg
|
||||
image: amneziavpn/amneziawg-go:latest
|
||||
@@ -147,6 +126,9 @@ spec:
|
||||
- name: server-config
|
||||
mountPath: /etc/amnezia/server
|
||||
readOnly: true
|
||||
- name: client-config
|
||||
mountPath: /etc/amnezia/clients
|
||||
readOnly: true
|
||||
- name: scripts
|
||||
mountPath: /scripts
|
||||
readOnly: true
|
||||
@@ -178,25 +160,6 @@ spec:
|
||||
readOnly: true
|
||||
- name: runtime-config
|
||||
mountPath: /run/amnezia
|
||||
- name: client-secret-sync
|
||||
image: bitnami/kubectl:latest
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/bash
|
||||
- /scripts/client-secret-sync.sh
|
||||
resources:
|
||||
requests:
|
||||
memory: "32Mi"
|
||||
cpu: "10m"
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
volumeMounts:
|
||||
- name: scripts
|
||||
mountPath: /scripts
|
||||
readOnly: true
|
||||
- name: runtime-config
|
||||
mountPath: /run/amnezia
|
||||
- name: amneziawg-exporter-redis
|
||||
image: redis:alpine
|
||||
imagePullPolicy: IfNotPresent
|
||||
@@ -256,6 +219,11 @@ spec:
|
||||
items:
|
||||
- key: awg0.conf
|
||||
path: awg0.conf
|
||||
- name: client-config
|
||||
secret:
|
||||
secretName: amneziawg-clients
|
||||
optional: true
|
||||
defaultMode: 0600
|
||||
- name: scripts
|
||||
configMap:
|
||||
name: amneziawg-scripts
|
||||
|
||||
Reference in New Issue
Block a user