From 94300ac5021a039237090d8fbddbf740cb07acb6 Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Thu, 1 Feb 2024 21:18:46 -0600 Subject: [PATCH] kitchen: Use SealedSecret template for config The configuration file for the kitchen HUD server has credentials embedded in it. Until I get around to refactoring it to read these from separate locations, we'll make use of the template feature of SealedSecrets. With this feature, fields can refer to the (decrypted) value of other fields using Go template syntax. This makes it possible to have most of the `config.yaml` document unencrypted and easily modifiable, while still protecting the secrets. --- kitchen/kitchen.yaml | 4 +-- kitchen/secrets.yaml | 71 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 73 insertions(+), 2 deletions(-) diff --git a/kitchen/kitchen.yaml b/kitchen/kitchen.yaml index fc3c9bf..90e2bdd 100644 --- a/kitchen/kitchen.yaml +++ b/kitchen/kitchen.yaml @@ -54,8 +54,8 @@ spec: readOnly: true volumes: - name: config - configMap: - name: kitchen + secret: + secretName: kitchen optional: true - name: tzinfo hostPath: diff --git a/kitchen/secrets.yaml b/kitchen/secrets.yaml index 713cb8f..05a1184 100644 --- a/kitchen/secrets.yaml +++ b/kitchen/secrets.yaml 
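Review bot: In `kitchen/kitchen.yaml` the `config` volume keeps `optional: true` after switching to `secret:`, so if the SealedSecret is never unsealed (controller unavailable, sealing key mismatch) the pod still starts with an empty config directory instead of waiting in a visible mount failure. Dropping the flag, or setting `optional: false`, makes a missing Secret block startup, which is the safer default now that the file carries the credentials. The description implies the `kitchen` ConfigMap previously held those credentials in clear text; if so, delete that object from the cluster and rotate the Nextcloud password and Home Assistant token that were stored in it. A `defaultMode: 0400` on the secret volume would narrow the file mode further, provided the container user can still read it. The pod spec around this `volumes:` list starts and ends outside the hunk, so the container user is not visible here.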
@@ -12,3 +12,74 @@ spec:
 name: imagepull-gitea
 namespace: kitchen
 type: kubernetes.io/dockerconfigjson
+
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ name: kitchen
+ namespace: kitchen
+spec:
+ encryptedData:
+ homeassistant.token: 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
+ nextcloud.password: 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
+ template:
+ metadata:
+ name: kitchen
+ namespace: kitchen
+ data:
+ config.yaml: |
+ __credentials: &credentials
+ username: kitchen
+ password: >-
+ {{ index . "nextcloud.password" }}
+
+ __calendars:
+ tabitha: &tabitha_work
+ <<: *credentials
+ calendar_url: >-
+ https://nextcloud.pyrocufflink.net/remote.php/dav/calendars/B53DE34E-D21F-46AA-B0F4-1EC0933AE220/7c565cd0-a8f1-4ea7-b022-3c1251233e91_shared_by_53070922-AC26-4920-83FD-74879F5ED3EE/
+ shared: &shared_calendar
+ <<: *credentials
+ calendar_url: >-
+ https://nextcloud.pyrocufflink.net/remote.php/dav/calendars/B53DE34E-D21F-46AA-B0F4-1EC0933AE220/shared_shared_by_332E433E-43B2-4E3D-A0A0-EB264C624707/
+ projects: &projects_calendar
+ <<: *credentials
+ calendar_url: >-
+ https://nextcloud.pyrocufflink.net/remote.php/dav/calendars/B53DE34E-D21F-46AA-B0F4-1EC0933AE220/projects_shared_by_332E433E-43B2-4E3D-A0A0-EB264C624707/
+ dtex: &dtex
+ calendar_url: >-
+ https://outlook.office365.com/owa/calendar/0f775a4f7bba4abe91d2684668b0b04f@dtexsystems.com/5f42742af8ae4f8daaa810e1efca6e9e8531195936760897056/S-1-8-960331003-2552388381-4206165038-1812416686/reachcalendar.ics
+
+ agenda:
+ calendars:
+ - *shared_calendar
+ - *tabitha_work
+ - *dtex
+ events: *shared_calendar
+ tasks: *shared_calendar
+ projects: *projects_calendar
+
+ mqtt:
+ hostname: homeassistant.pyrocufflink.blue
+ port: 8883
+ tls: true
+ username: kitchen
+ password: kitchen
+
+ metrics:
+ url: https://vmselect.victoria-metrics/select/
+
+ weather:
+ metrics:
+ temperature: >-
+ homeassistant_sensor_temperature_celsius{entity="sensor.outdoor_temperature"}
+ humidity: >-
+ homeassistant_sensor_humidity_percent{entity="sensor.outdoor_humidity"}
+ wind_speed: >-
+ homeassistant_sensor_unit_m_per_s{entity="sensor.wind_speed"}
+
+ homeassistant:
+ url: wss://homeassistant.pyrocufflink.blue/api/websocket
+ access_token: >-
+ {{ index . "homeassistant.token" }}
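Review bot: The `mqtt` section of the templated `config.yaml` still carries `password: kitchen` in clear text, so one credential stays readable in the repository while the Nextcloud password and Home Assistant token are sealed; it is also identical to the username. Seal it too by adding a `mqtt.password: <sealed value>` entry under `encryptedData` and rendering it with `password: >-` followed by `{{ index . "mqtt.password" }}`, the pattern already used for `nextcloud.password`, and change the broker password, since the current one is guessable. The `dtex` calendar entry merges no credentials, so its published `reachcalendar.ics` URL presumably is the only access control; if so, it belongs in `encryptedData` as well. Template values are substituted as plain text inside folded scalars, so a secret with leading whitespace or an embedded newline would change the rendered YAML. A comment above `config.yaml: |` stating that constraint would help whoever rotates the secrets.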