From c52743df54b129888fc86ce71e7a5a0d90f8dcd6 Mon Sep 17 00:00:00 2001
From: DeveloperDurp <DeveloperDurp@durp.info>
Date: Sat, 22 Mar 2025 10:52:27 -0500
Subject: [PATCH] update

---
 infra/argocd/templates/nebula-sync.yaml     | 20 +++++
 infra/nebula-sync/Chart.yaml                |  7 ++
 infra/nebula-sync/templates/deployment.yaml | 84 +++++++++++++++++++++
 infra/nebula-sync/templates/secrets.yaml    | 27 +++++++
 4 files changed, 138 insertions(+)
 create mode 100644 infra/argocd/templates/nebula-sync.yaml
 create mode 100644 infra/nebula-sync/Chart.yaml
 create mode 100644 infra/nebula-sync/templates/deployment.yaml
 create mode 100644 infra/nebula-sync/templates/secrets.yaml

diff --git a/infra/argocd/templates/nebula-sync.yaml b/infra/argocd/templates/nebula-sync.yaml
new file mode 100644
index 0000000..dea50a7
--- /dev/null
+++ b/infra/argocd/templates/nebula-sync.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: nebula-sync
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: main
+    path: infra/nebula-sync
+  destination:
+    namespace: nebula-sync
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
diff --git a/infra/nebula-sync/Chart.yaml b/infra/nebula-sync/Chart.yaml
new file mode 100644
index 0000000..114f728
--- /dev/null
+++ b/infra/nebula-sync/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: nebula-sync
+description: A Helm chart for Kubernetes
+type: application
+
+version: 0.1.0
+appVersion: "1.16.0"
diff --git a/infra/nebula-sync/templates/deployment.yaml b/infra/nebula-sync/templates/deployment.yaml
new file mode 100644
index 0000000..08a39a0
--- /dev/null
+++ b/infra/nebula-sync/templates/deployment.yaml
@@ -0,0 +1,84 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: nebula-sync
+  name: nebula-sync
+  labels:
+    app: nebula-sync
+spec:
+  selector:
+    matchLabels:
+      app: nebula-sync
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: nebula-sync
+    spec:
+      volumes:
+      - name: nebula-sync-configmap
+        configMap: 
+          name: nebula-sync-configmap
+          items:
+            - key: .env
+              path: .env
+      containers:
+      - name: nebula-sync
+        image: registry.durp.info/lovelaze/nebula-sync:latest
+        imagePullPolicy: Always
+        volumeMounts:
+        - mountPath: /app
+          name: .env
+        env:
+          - name: PRIMARY
+            valueFrom:
+              secretKeyRef:
+                name: nebula-sync-secret
+                key: ADMIN_TOKEN
+          - name: REPLICAS
+            valueFrom:
+              secretKeyRef:
+                name: nebula-sync-secret
+                key: ADMIN_TOKEN
+
+          - name: FULL_SYNC
+            value: false
+          - name: RUN_GRAVITY
+            value: false
+          - name: CRON
+            value: "*/15 * * * *"
+          - name: CLIENT_SKIP_TLS_VERIFICATION
+            value: true
+          - name: TZ
+            value: America/Chicago
+          - name: SYNC_CONFIG_DNS
+            value: true
+          - name: SYNC_CONFIG_DHCP
+            value: true
+          - name: SYNC_CONFIG_NTP
+            value: true
+          - name: SYNC_CONFIG_RESOLVER
+            value: true
+          - name: SYNC_CONFIG_DATABASE
+            value: true
+          - name: SYNC_CONFIG_MISC
+            value: true
+          - name: SYNC_CONFIG_DEBUG
+            value: true
+          - name: SYNC_GRAVITY_DHCP_LEASES
+            value: true
+          - name: SYNC_GRAVITY_GROUP
+            value: true
+          - name: SYNC_GRAVITY_AD_LIST
+            value: true
+          - name: SYNC_GRAVITY_AD_LIST_BY_GROUP
+            value: true
+          - name: SYNC_GRAVITY_DOMAIN_LIST
+            value: true
+          - name: SYNC_GRAVITY_DOMAIN_LIST_BY_GROUP
+            value: true
+          - name: SYNC_GRAVITY_CLIENT
+            value: true
+          - name: SYNC_GRAVITY_CLIENT_BY_GROUP
+            value: true
+
diff --git a/infra/nebula-sync/templates/secrets.yaml b/infra/nebula-sync/templates/secrets.yaml
new file mode 100644
index 0000000..fa841a3
--- /dev/null
+++ b/infra/nebula-sync/templates/secrets.yaml
@@ -0,0 +1,27 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: nebula-secret
+spec:
+  secretStoreRef:
+    name: vault
+    kind: ClusterSecretStore
+  target:
+    name: nebula-secret
+  data:
+  - secretKey: primary
+    remoteRef:
+      key: kv/pihole
+      property: primary
+  - secretKey: replicas
+    remoteRef:
+      key: kv/pihole
+      property: replicas
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: vault
+