Merge pull request #4629 from tyriis/feature/home-assistant-storage-m…

…igration feat(home-assistant): provision 2nd volume
tyriis · Feb 24, 2025 · 755c5ef · 755c5ef
2 parents f9ce68c + dc76578
commit 755c5ef
Show file tree

Hide file tree

Showing 6 changed files with 123 additions and 2 deletions.
diff --git a/kubernetes/talos-flux/apps/home-automation/home-assistant/app/kustomization.yaml b/kubernetes/talos-flux/apps/home-automation/home-assistant/app/kustomization.yaml
@@ -5,9 +5,11 @@ kind: Kustomization
 namespace: home-automation
 resources:
   # - database.yaml # only required for init
+  - secret.sops.yaml
   - home-assistant-ssh.sops.yaml
   - home-assistant-secrets.sops.yaml
   - storage-class.yaml
   - persistent-volume.yaml
+  - replication-destination.yaml
   - persistent-volume-claim.yaml
   - helm-release.yaml
diff --git a/kubernetes/talos-flux/apps/home-automation/home-assistant/app/persistent-volume-claim.yaml b/kubernetes/talos-flux/apps/home-automation/home-assistant/app/persistent-volume-claim.yaml
@@ -14,3 +14,21 @@ spec:
       storage: 10Gi
   volumeName: home-assistant-data
   storageClassName: home-assistant
+
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/persistentvolumeclaim-v1.json
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: home-assistant-config
+spec:
+  accessModes:
+    - ReadWriteOnce
+  dataSourceRef:
+    kind: ReplicationDestination
+    apiGroup: volsync.backube
+    name: home-assistant-config
+  resources:
+    requests:
+      storage: 10Gi
+  storageClassName: ceph-block
diff --git a/kubernetes/talos-flux/apps/home-automation/home-assistant/app/replication-destination.yaml b/kubernetes/talos-flux/apps/home-automation/home-assistant/app/replication-destination.yaml
@@ -0,0 +1,31 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationdestination_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationDestination
+metadata:
+  name: home-assistant-config
+  labels:
+    # https://fluxcd.io/flux/components/kustomize/kustomizations/#controlling-the-apply-behavior-of-resources
+    kustomize.toolkit.fluxcd.io/ssa: IfNotPresent
+spec:
+  trigger:
+    manual: restore-once
+  restic:
+    repository: home-assistant-volsync
+    copyMethod: Snapshot
+    volumeSnapshotClassName: csi-ceph-blockpool
+    cacheStorageClassName: ceph-block
+    cacheAccessModes:
+      - ReadWriteOnce
+    cacheCapacity: 10Mi
+    storageClassName: ceph-block
+    accessModes:
+      - ReadWriteOnce
+    capacity: 10Mi
+    moverSecurityContext:
+      runAsUser: 1000
+      runAsGroup: 1000
+      fsGroup: 1000
+    enableFileDeletion: true
+    cleanupCachePVC: true
+    cleanupTempPVC: true
diff --git a/kubernetes/talos-flux/apps/home-automation/home-assistant/app/replication-source.yaml b/kubernetes/talos-flux/apps/home-automation/home-assistant/app/replication-source.yaml
@@ -0,0 +1,28 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+  name: home-assistant-config
+spec:
+  sourcePVC: home-assistant-config
+  trigger:
+    schedule: "17 2 * * *" # 2:17 AM
+  restic:
+    copyMethod: Snapshot
+    pruneIntervalDays: 1
+    repository: home-assistant-volsync
+    volumeSnapshotClassName: csi-ceph-blockpool
+    cacheCapacity: 10Mi
+    cacheStorageClassName: ceph-block
+    cacheAccessModes:
+      - ReadWriteOnce
+    storageClassName: ceph-block
+    accessModes:
+      - ReadWriteOnce
+    moverSecurityContext:
+      runAsUser: 1000
+      runAsGroup: 1000
+      fsGroup: 1000
+    retain:
+      hourly: 24
diff --git a/kubernetes/talos-flux/apps/home-automation/home-assistant/app/secret.sops.yaml b/kubernetes/talos-flux/apps/home-automation/home-assistant/app/secret.sops.yaml
@@ -0,0 +1,31 @@
+# yamllint disable
+apiVersion: v1
+kind: Secret
+metadata:
+    name: home-assistant-volsync
+type: Opaque
+stringData:
+    RESTIC_REPOSITORY: ENC[AES256_GCM,data:431IJSeR+xreLPKz7+6AWXH7f32X3we4hw8nvueJvtn0wgFxGEQNws3iVGxx6W06RBKtfi8CZnsTRQ9aU81KHAtIxuOgk8dRcwEzXg==,iv:0L1kELP7u4ttwKJKP6XJs3QqvralBFTsYlcMfOXJNDc=,tag:IDxVY2nA/TjUJBMcAhAq1w==,type:str]
+    RESTIC_PASSWORD: ENC[AES256_GCM,data:SbS4XPYKY2h8maoDI62GbFr4Bu74DjmC6OXUR79kJKjeHGJLTyJcjPpwxYr5p2mdnbg6F8/Eo6iefvXx76auWg==,iv:LECtv+wJqsDLPBHqKlp9DhmBFJCmlDe3IkXLS5159kk=,tag:4IpMlcoUKG+46HMWPpoQUA==,type:str]
+    AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:JEXZW41lEw==,iv:pduvJsbyBRNMiP6rJ5T7mz79rdW5VLpR/Y3lOXHKU8A=,tag:HZKS59FvxO4FwZrb3LhKmg==,type:str]
+    AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:aguU70F7QhX2FSEJFmknY8+31PbPIXdF0iGArAkBIihiGhAfOMkD6upDfpZmuZYQcJJgRPpH2jk=,iv:I/9UIpgz0uXHzhhlbV4481gS9KRtm1ZhzvoxJScGsxg=,tag:ax0t2h1ltyPkk+0TgnMCIg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age16zqeqx5y6ay3flwz0d06rn83yjv9ckys3j8tpkysf9v6295fhc6sf4r0uj
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzYjdZeVptaDlPZW9idmtP
+            UkRGdmxyb0REM2s4dnZVSERQNFFSRHlqVkcwClJlZHVhQUVnUm16QVloazMyUUFx
+            Q24vakF5RUEvMTExZ0lPa1RXblFEV3cKLS0tIFNMcGx3NzRQT0U4MTZER0FQUzh3
+            SThDODl4ZFFMMUlxM3BneWlrNDdjdUUKm16agevW+HLV4al0q2m5W/SyS84E5SXh
+            QfWlkG1byRaLRQ+tMeTuCN0tk2A2asmSPygQ1IKo4AO9kMirDEjQ6w==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-02-24T21:44:12Z"
+    mac: ENC[AES256_GCM,data:si+K9/mhZ2Eim/4L3x8erZTSBkR1PRyJ+sc+IbKzAOXMdGoo8Nowjt2ruuQN5xMfN+UjJXEr6nXZmy35xDpS3oA0d55zcU3KIXNO/rI6q6+W3ZCXhy4X5demz8sIp5bnHS5d4dDZFG3OyjHPSc9nB4NSjExemDrcdpUmY4SDhyE=,iv:PF40/DBMvkh+awvfhFMf3Maq/EKsYTXz5GDz1vcw2QY=,tag:gailOcA+GBDsnCqQ9eaAaQ==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.9.4
diff --git a/kubernetes/talos-flux/apps/home-automation/home-assistant/flux-sync.yaml b/kubernetes/talos-flux/apps/home-automation/home-assistant/flux-sync.yaml
@@ -3,18 +3,29 @@
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
-  name: apps-home-assistant
+  name: &appname apps-home-assistant
   namespace: flux-system
   annotations:
     backstage.io/discovery: enabled
     backstage.io/name: home-assistant
   labels:
     substitution.flux.home.arpa/enabled: "true"
 spec:
-  interval: 10m
+  targetNamespace: home-automation
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: home-assistant
   path: ./kubernetes/talos-flux/apps/home-automation/home-assistant/app
   prune: true
   sourceRef:
     kind: GitRepository
     name: home-ops
   wait: true
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+  dependsOn:
+    # - name: apps-external-secrets-stores
+    - name: apps-cloudnative-pg-cluster
+    - name: apps-volsync
+    - name: apps-rook-ceph-cluster