update

2025-03-22 10:52:27 -05:00
parent c95b6fc3d2
commit c52743df54
4 changed files with 138 additions and 0 deletions
--- a/infra/argocd/templates/nebula-sync.yaml
+++ b/infra/argocd/templates/nebula-sync.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: nebula-sync
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: main
+    path: infra/nebula-sync
+  destination:
+    namespace: nebula-sync
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
--- a/infra/nebula-sync/Chart.yaml
+++ b/infra/nebula-sync/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: nebula-sync
+description: A Helm chart for Kubernetes
+type: application
+
+version: 0.1.0
+appVersion: "1.16.0"
--- a/infra/nebula-sync/templates/deployment.yaml
+++ b/infra/nebula-sync/templates/deployment.yaml
@@ -0,0 +1,84 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: nebula-sync
+  name: nebula-sync
+  labels:
+    app: nebula-sync
+spec:
+  selector:
+    matchLabels:
+      app: nebula-sync
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: nebula-sync
+    spec:
+      volumes:
+      - name: nebula-sync-configmap
+        configMap: 
+          name: nebula-sync-configmap
+          items:
+            - key: .env
+              path: .env
+      containers:
+      - name: nebula-sync
+        image: registry.durp.info/lovelaze/nebula-sync:latest
+        imagePullPolicy: Always
+        volumeMounts:
+        - mountPath: /app
+          name: .env
+        env:
+          - name: PRIMARY
+            valueFrom:
+              secretKeyRef:
+                name: nebula-sync-secret
+                key: ADMIN_TOKEN
+          - name: REPLICAS
+            valueFrom:
+              secretKeyRef:
+                name: nebula-sync-secret
+                key: ADMIN_TOKEN
+
+          - name: FULL_SYNC
+            value: false
+          - name: RUN_GRAVITY
+            value: false
+          - name: CRON
+            value: "*/15 * * * *"
+          - name: CLIENT_SKIP_TLS_VERIFICATION
+            value: true
+          - name: TZ
+            value: America/Chicago
+          - name: SYNC_CONFIG_DNS
+            value: true
+          - name: SYNC_CONFIG_DHCP
+            value: true
+          - name: SYNC_CONFIG_NTP
+            value: true
+          - name: SYNC_CONFIG_RESOLVER
+            value: true
+          - name: SYNC_CONFIG_DATABASE
+            value: true
+          - name: SYNC_CONFIG_MISC
+            value: true
+          - name: SYNC_CONFIG_DEBUG
+            value: true
+          - name: SYNC_GRAVITY_DHCP_LEASES
+            value: true
+          - name: SYNC_GRAVITY_GROUP
+            value: true
+          - name: SYNC_GRAVITY_AD_LIST
+            value: true
+          - name: SYNC_GRAVITY_AD_LIST_BY_GROUP
+            value: true
+          - name: SYNC_GRAVITY_DOMAIN_LIST
+            value: true
+          - name: SYNC_GRAVITY_DOMAIN_LIST_BY_GROUP
+            value: true
+          - name: SYNC_GRAVITY_CLIENT
+            value: true
+          - name: SYNC_GRAVITY_CLIENT_BY_GROUP
+            value: true
+
--- a/infra/nebula-sync/templates/secrets.yaml
+++ b/infra/nebula-sync/templates/secrets.yaml
@@ -0,0 +1,27 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: nebula-secret
+spec:
+  secretStoreRef:
+    name: vault
+    kind: ClusterSecretStore
+  target:
+    name: nebula-secret
+  data:
+  - secretKey: primary
+    remoteRef:
+      key: kv/pihole
+      property: primary
+  - secretKey: replicas
+    remoteRef:
+      key: kv/pihole
+      property: replicas
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: vault
+