home-assistant: Clean up restart_diddy_mopidy

Moving the shell command to an external script allows me to update it
without having to restart Home Assistant.

Including the SSH private key in the Secret not only allows it to be
managed by Kubernetes, but also works around a permissions issue when
storing the key in the `/config` volume.  The `ssh` command refuses to
use a key file with write permission for the group or other fields, but
the Kubelet sets `g=rw` when `fsGroup` is set on the pod.

home-assistant/kustomization.yaml

@@ -25,6 +25,7 @@ configMapGenerator:
   - configuration.yaml
   - event-snapshot.sh
   - groups.yaml
+  - restart-diddy-mopidy.sh
   - shell-command.yaml
   options:
     disableNameSuffixHash: true

home-assistant/restart-diddy-mopidy.sh

@@ -0,0 +1,2 @@
+set -e
+ssh -i /run/secrets/home-assistant/sshkey.pem -oUserKnownHostsFile=/config/ssh_known_hosts -oBatchMode=yes pi@diddy.pyrocufflink.red restart-mopidy

home-assistant/secrets.yaml

@@ -27,6 +27,7 @@ metadata:
 spec:
   encryptedData:
     secrets.yaml: AgAcQGBxXTW6s/4lcGoyKYn9NL7h4L8rbFeC87GbXQunVD4h37kiET55c5AgSj95X0Y8Vn9EYgd85xY5vDjxkAQ8qmcBL0SlrHuAxlRONoVDIgUmGIk91p4boVXp4Db+DzvtezjCruraIh4MgVQS9nS30MG3PWb/IfsHeaGNAyIL6OCdJYWTIUD9ceCdCNrTCeK45qow+ZHYhwpw6puXLQEq45j1UX1fgCsnNfYxDXRoW/vOwFLnOfN6JTjSyu28Qo4jIqu0iF26hMViU+ok/eYzC9J0fpfwGHhDdGMI29cWYyTS+L0BBbV37mMPx7UKYShweL6kK6Ar2ewB6tFQzr4eHcX6Qb8EuNYKBHz9kLrgZp54diUuiX1thjwbSLkv+HJa4voKyvsab3Nug4FJPlvg6R6J852dpmFK1ElK5ejkGaqfvT0iqGA1AvQe51FOSOARjC9/g29i6T5S5+5Cc3igJdfiadd3vTWTKpR0kf7mvoL4MT4OGPvir2O1bjXB5Mv9zDt2Cm+ZD5ve3n4Dq5WqOvkJN9FJMRe04rM1a1yP8lSzuil20OVDc1N4wrCtPJ71bqsNpLAbsYy2E/t2gU1UVM+HkkA9FucAQs5fs8Fe5fYsYLg6zUtM6i9fB+Y1JbAY9GWYMAA+enkrkAHLqxxFF1g5Dc9cpmyP+1fu5jy2BF0GfmIPuyuUTch/20pngnoFLM9JdkRP0SkgJ4/wtAnWKY1twbUPjb/L53rEpZWICPbJjR19Y1FycDwAauZmTmg8ZQ0ro1uh77rbTsCmViUKwXsrSUTY7mGmD5q4LCtRZqWRBDt3Hl5jHvhzvUSGeso+YnnaLr6GXYdRkibxWA5X6SG1iBHoQzKqUPO28Ybsnv6Au4RloDU2TAAUNnl32L0Kq4yjIwlAq9r2ASWwgUJUqU12i3wnC4iHrE6jeLQSQ6yrkJOrUyizaPJWfr/4JFeLVOcBM1SjR0y/dtuWnPvgItsTHwDJyw==
+    sshkey.pem: AgAO3JhY5nUDWXwCobrhuLun514j53GMixhlgTVJypYhxCC+nKfnMv0dFeU4dVlKgwLgncmbrYxL/QS6lCIVxDeKmwaBu8bg8bouHnQkhZlTxveMGhzzc/PNCR43hubPeS9t99s/YyEjj6lw3ApoVxneNaYoqGVdhZk2IzNy17I/4RFBwp4TpTw1Fz8TR8QYKWnrFcghWsI8iQbg8CmLFepako/OlAdp/p2B5ADwsp+3iu5JJtO2W5eleAPu0JvJRRfIy9HAZm1VEA5oc8ahrU0lO1DRwBpdvJDEb+mRM/5EGZnxegOOWAOIbYqO3dYZz4rl+AfSh2cH8ubhscAsVo6xjzV75a/oyQDxPl+xb3gqVs8GGZLlIlyL0KAv1/G5bWOKSqH86uzmkvgABRGUDjbpRM1WBMEIM52qn2qC41gFecXPZ2lDKDeEM/ENbmAPnDyJbptY7Iy94lt+eTU1I9a9dK+lrlUS5J7z9Hl6xUsBlhiVF6rTufFuiwcDLlkbNe0p7xGqsKAVvzcbGotNRF0030GTpspJuy1oRydGckVIwsebGEOAK4mg0W8xdBtCpQQ/6/qpFn+T8f03S1XAOGlS4IxmnogkwuG+bRw9FNLaFQlE4RRiCxou8OF/UV+h7LXE4xlqn5motRV8aHOT41VMF81XRwjHWVZh+9Yps7bIngclAjxksDTGWJJRaJaaiJNsRkqzv6fJlhzNDoorjrF8K8xJxno5rmEuh7eDuyns7lgHZVJ4/IghLoRO8T1sgaqx4qkMoPkgcAt+Z1witMq40DEwLy3sCZ9qLNecxMr5HxBuRcja46TUVbsmhEv8gfVGQOYScF4YOZKSk1UDK2Ls16lnnskBy++f8eoeBnHqr4SmyXzCPEBPYTIw0HNsj0pB1JTAvGuXGEKO9d29DEtSHumhqJGKM9OEcEb2rMdHt5GMQlWQIlDDuZiCKPPAoQKF5fkZTwn8lj6wo/UsJh6tYbtXN12Bd5r2FEcpX6ELo0HeKgu1TAICPCg/FF/NPdcubGxMaUotLyY0tGxuy/4RJIBfF71/OwTbEadnj94uHQ9at6EdI56+yiL5hDOQSCMGCtPZ4H94rdw7RkB0bncaxkYZ3d/yFUdUXP1NP6TyL3HJNux1xNcu1Vrl93b0qB4IBwc3YmoGSbzosBae6js4GCHpMF92XMbEsagloPFcwn3NX3oxReckbHmjaIz7OpeUrMk5hkR/0zjjp/NJ8zc=
   template:
     metadata:
       name: home-assistant

home-assistant/shell-command.yaml

@@ -2,4 +2,4 @@ event_snapshot: >-
   sh /run/config/event-snapshot.sh {{ event_id }}
 
 restart_diddy_mopidy: >-
-  ssh -i /config/homeassistant-ssh.pem -oUserKnownHostsFile=/config/ssh_known_hosts -oBatchMode=yes pi@diddy.pyrocufflink.red restart-mopidy
+  sh /run/config/restart-diddy-mopidy.sh