catalin/fukuops
1
0
Fork 1
Code Issues Pull requests 2 Releases Packages 1 Activity

feat: add pulse
Some checks are pending
checks / pre-commit (push) Waiting to run
Details
checks / k8s (push) Waiting to run
Details
checks / tflint (push) Waiting to run
Details
OpenTofu deployments / authentik (push) Waiting to run
Details
OpenTofu deployments / adguard (push) Waiting to run
Details

Browse source
This commit is contained in:
cătălin 2026-01-28 12:37:28 +01:00
commit aa05c20e2d
No known key found for this signature in database
9 changed files with 195 additions and 46 deletions
Download patch file Download diff file Expand all files Collapse all files

45
k8s/argo-apps/factorio.yaml
View file

@ -1,45 +0,0 @@
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: factorio
namespace: argocd
spec:
destination:
name: ''
namespace: apps-fuku
server: https://kubernetes.default.svc
sources:
- chart: factorio-server-charts
repoURL: https://sqljames.github.io/factorio-server-charts/
targetRevision: 2.5.*
helm:
valuesObject:
rcon:
passwordSecret: secrets-factorio
nodeSelector:
kubernetes.io/hostname: agent1
image:
tag: latest
factorioServer:
save_name: fukurokuju-space
admin_list:
- Phireh
account:
accountSecret: secrets-factorio
server_settings:
name: factorio-fukurokuju
visibility:
public: false
require_user_verification: false
persistence:
storageClassName: truenas-nfs-csi
serverPassword:
passwordSecret: secrets-factorio
- repoURL: https://git.roboces.dev/catalin/fukuops.git
path: k8s/services/factorio
targetRevision: main
project: fuku
syncPolicy:
automated: {}

43
k8s/argo-apps/pulse.yaml Normal file
View file

@ -0,0 +1,43 @@
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: pulse
namespace: argocd
spec:
destination:
name: ''
namespace: apps-fuku
server: https://kubernetes.default.svc
project: fuku
syncPolicy:
automated: {}
sources:
- repoURL: https://rcourtman.github.io/Pulse
chart: pulse
targetRevision: v5.0.*
helm:
valuesObject:
persistence:
enabled: true
size: 10Gi
storageClass: truenas-nfs-csi
accessModes:
- ReadWriteMany
service:
type: LoadBalancer
ingress:
enabled: true
hosts:
- host: pulse.fukurokuju.dev
paths:
- path: /
pathType: Prefix
tls: []
monitoring:
serviceMonitor:
enabled: true
- path: k8s/services/pulse
repoURL: https://git.roboces.dev/catalin/fukuops.git
targetRevision: main

1
k8s/services/argo/project-fuku.yaml
View file

@ -32,3 +32,4 @@ spec:
- registry-1.docker.io/cloudpirates - registry-1.docker.io/cloudpirates
- https://vmware-tanzu.github.io/helm-charts/ - https://vmware-tanzu.github.io/helm-charts/
- https://helm.runix.net - https://helm.runix.net
- https://rcourtman.github.io/Pulse

105
k8s/services/pulse/ds.yaml Normal file
View file

@ -0,0 +1,105 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: pulse-agent
namespace: apps-fuku
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: pulse-agent-read
rules:
- apiGroups: [""]
resources: ["nodes", "pods"]
verbs: ["get", "list", "watch"]
- apiGroups: ["apps"]
resources: ["deployments"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: pulse-agent-read
subjects:
- kind: ServiceAccount
name: pulse-agent
namespace: apps-fuku
roleRef:
kind: ClusterRole
name: pulse-agent-read
apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: pulse-agent
namespace: apps-fuku
spec:
selector:
matchLabels:
app: pulse-agent
template:
metadata:
labels:
app: pulse-agent
spec:
serviceAccountName: pulse-agent
containers:
- name: pulse-agent
image: rcourtman/pulse:v5.0.17
command: ["/opt/pulse/bin/pulse-agent-linux-amd64"]
args:
- --enable-kubernetes
env:
- name: PULSE_URL
value: "https://pulse.fukurokuju.dev"
- name: PULSE_TOKEN
valueFrom:
secretKeyRef:
name: pulse-agent-secrets
key: PULSE_TOKEN
- name: PULSE_AGENT_ID
value: "k8s-cluster"
- name: PULSE_ENABLE_HOST
value: "true"
- name: HOST_PROC
value: "/host/proc"
- name: HOST_SYS
value: "/host/sys"
- name: HOST_ETC
value: "/host/etc"
- name: PULSE_KUBE_INCLUDE_ALL_PODS
value: "true"
- name: PULSE_KUBE_INCLUDE_ALL_DEPLOYMENTS
value: "true"
securityContext:
privileged: true
resources:
requests:
cpu: 50m
memory: 128Mi
limits:
memory: 512Mi
volumeMounts:
- name: host-proc
mountPath: /host/proc
readOnly: true
- name: host-sys
mountPath: /host/sys
readOnly: true
- name: host-root
mountPath: /host/root
readOnly: true
volumes:
- name: host-proc
hostPath:
path: /proc
- name: host-sys
hostPath:
path: /sys
- name: host-root
hostPath:
path: /
tolerations:
- operator: Exists

17
k8s/services/pulse/sealedsecrets.yaml Normal file
View file

@ -0,0 +1,17 @@
# yamllint disable rule:line-length
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: pulse-agent-secrets
namespace: apps-fuku
spec:
encryptedData:
PULSE_TOKEN: AgBBxrJ80IpJ0RvYKQuN6p3G8vIdSL9nESO9OTAR0NiMjSGZNbNEELKE/a1f2ixQUSsNc/k31c+7GlAi+8PmNC4c7rmRJTe+z3uO/BNNLYeTi7DsEk9/oJZTWn7iOcLogiZJQKxbGozCp/S8zrWisH67N2ZHmzz5UEJAzq57+fBEyAk22/WR0QMfW3oOYHGZFNR5AdAxrdfyRwTvSEOz4R2YlrQKRtOFVIPG/aEaAn42AGYfrq2cLVEiCygjE+8nZQ62TMmQqMiwiCjk5do9uRhhiRimuD78FrNnFU5dSwe/11ji5sSrEPjszPB8O0TBbsCssxfz48cKRm/6IdI9B5pKHYob68Ed8u5UgpRU/ZhUWJLyXuZF/Tgw+WcIsVkQXb3eqQTARBeZueugnA23lnzxh5gjR17wjPw7ePYaLiUWTYikOK5HvgpJyiuB0ev2cjGSqYeeAAn5ewCGM/NODXUAlFdC+N9S7ft1+chJrHoaXgHy8J9LWm/maKW99+yT08a68RvGGoZtFPZNlFjzurNF6EY9SLUFf0RLzShkyq6uuOzLm8gENyDIQ+Ru7wWEwyEcUz4ceAR5I78k0gCIDR1o4Ti22asdbRjMptZdOTbep+PWmu2K1oUvxXtXwgKkn8pvTkJpcdejqehnYPWfRAI3Guxi7LQDf++yShKS1NdXMdjhtFoNLa03xHM/G94sF3/mnJwivNhur1V7iC1yCY5NlruPr4KCd5AgOnKqoreRRvRbCVlFO1mtP6XV4sjqEIhmZyXWFJ76bwAC+hxSlFzL
template:
metadata:
creationTimestamp: null
name: pulse-agent-secrets
namespace: apps-fuku
type: Opaque

6
tofu/adguard/main.tf
View file

@ -85,8 +85,12 @@ resource "adguard_rewrite" "master2" {
answer = "192.168.1.32" answer = "192.168.1.32"
} }
resource "adguard_rewrite" "k3m3" { resource "adguard_rewrite" "k3m3" {
domain = "k3m3.fuku" domain = "k3m3.fuku"
answer = "192.168.1.43" answer = "192.168.1.43"
} }
resource "adguard_rewrite" "pulse" {
answer = "pulse.fukurokuju.dev"
domain = "192.168.1.12"
}

12
tofu/authentik/main.tf
View file

@ -260,3 +260,15 @@ module "jellyseerr" {
app_description = "Solicita series, animes y pelis para ser añadidas automáticamente a Jellyfin" app_description = "Solicita series, animes y pelis para ser añadidas automáticamente a Jellyfin"
app_access_group_id = authentik_group.arrs.id app_access_group_id = authentik_group.arrs.id
} }
module "pulse" {
source = "../modules/authentik-oidc"
app_name = "Pulse"
app_slug = "pulse"
app_url = "https://pulse.fukurokuju.dev"
client_id = var.pulse_client_id
client_secret = var.pulse_client_secret
app_icon = "https://pulse.fukurokuju.dev/logo.svg"
redirect_uris = [{ matching_mode = "strict", url = "https://pulse.fukurokuju.dev/api/oidc/callback" }]
app_access_group_id = authentik_group.admins.id
}

2
tofu/authentik/sample.env
View file

@ -16,3 +16,5 @@ TF_VAR_tandoor_client_id=
TF_VAR_tandoor_client_secret= TF_VAR_tandoor_client_secret=
TF_VAR_ganymede_client_id= TF_VAR_ganymede_client_id=
TF_VAR_ganymede_client_secret= TF_VAR_ganymede_client_secret=
TF_VAR_pulse_client_id=
TF_VAR_pulse_client_secret=

10
tofu/authentik/vars.tf
View file

@ -78,3 +78,13 @@ variable "ganymede_client_secret" {
description = "Ganymede client secret" description = "Ganymede client secret"
type = string type = string
} }
variable "pulse_client_id" {
description = "Pulse client ID"
type = string
}
variable "pulse_client_secret" {
description = "Pulse client secret"
type = string
}