feat(helm): install homepage

kubernetes/raspberry/home/homepage/app/config.yaml

@@ -0,0 +1,104 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: homepage-config
+  namespace: home
+data:
+  bookmarks.yaml: |
+    - Developer:
+        - Github:
+            - abbr: GH
+              href: https://github.com/
+    - Social:
+        - Reddit:
+            - icon: reddit.png
+              href: https://reddit.com/
+              description: The front page of the internet
+    - Entertainment:
+        - YouTube:
+            - abbr: YT
+              href: https://youtube.com/
+    - Fitness:
+        - Polar:
+            - abbr: PF
+              href: https://flow.polar.com/
+        - Strava:
+            - abbr: ST
+              href: https://www.strava.com/
+  custom.css: ""
+  custom.js: ""
+  docker.yaml: ""
+  kubernetes.yaml: |
+    mode: cluster
+  services.yaml: |
+    - Network:
+        - Cloudflare:
+            icon: cloudflare.png
+            href: https://dash.cloudflare.com/
+            description: Cloudflare Tunnel Management
+            widget:
+              type: cloudflared
+              accountid: {{HOMEPAGE_VAR_CLOUDFLARE_ACCOUNT_ID}}
+              tunnelid: {{HOMEPAGE_VAR_CLOUDFLARE_TUNNEL_ID}}
+              key: {{HOMEPAGE_VAR_CLOUDFLARE_API_TOKEN}}
+        - Proxmox:
+            href: https://tank.web3.wiki.br:8006
+            icon: proxmox.png
+            widget:
+              type: proxmox
+              fields: ["vms", "resources.mem"]
+              url: https://192.168.0.15:8006
+              username: "{{HOMEPAGE_VAR_PROXMOX_TOKEN_ID}}"
+              password: "{{HOMEPAGE_VAR_PROXMOX_TOKEN_SECRET}}"
+        - Pihole:
+            href: http://192.168.0.8
+            icon: pi-hole.png
+            widget:
+              type: pihole
+              fields: ["queries", "blocked"]
+              url: http://192.168.0.8
+              key: {{HOMEPAGE_VAR_PIHOLE_TOKEN}}
+  settings.yaml: |
+    title: Homelab
+    startUrl: https://web3.wiki.br
+    theme: dark
+    quicklaunch:
+      hideInternetSearch: true
+      showSearchSuggestions: true
+      hideVisitURL: true
+    layout:
+      Media:
+        style: row
+        columns: 3
+        icon: mdi-television
+      Monitoring:
+        style: row
+        columns: 3
+        icon: mdi-chart-line
+      Storage:
+        style: row
+        columns: 2
+        icon: mdi-database
+      Network:
+        icon: mdi-lan
+        style: row
+        columns: 2
+  widgets.yaml: |
+    - kubernetes:
+        cluster:
+          show: true
+          cpu: true
+          memory: true
+          showLabel: true
+        nodes:
+          show: true
+          cpu: true
+          memory: true
+          showLabel: true
+    - openmeteo:
+        label: Tyresö
+        latitude: 59.23
+        longitude: 18.22
+        timezone: Europe/Stockholm
+        units: metric
+        cache: 5

kubernetes/raspberry/home/homepage/app/helmrelease.yaml

@@ -0,0 +1,92 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: &app homepage
+  namespace: &namespace home
+spec:
+  interval: 1h
+  timeout: 15m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.5.1
+      sourceRef:
+        kind: HelmRepository
+        namespace: flux-system
+        name: bjw-s
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      strategy: rollback
+      retries: 3
+  values:
+    controllers:
+      homepage:
+        annotations:
+          configmap.reloader.stakater.com/reload: homepage-config
+        strategy: RollingUpdate
+        serviceAccount:
+          name: homepage
+        containers:
+          app:
+            image:
+              repository: ghcr.io/gethomepage/homepage
+              tag: v0.9.10@sha256:671c2ed1a61b5dfbb9a1998c8738c3aeb1acf11adbc12563f81fcf4fd9802198
+              pullPolicy: IfNotPresent
+            env:
+              TZ: ${TIMEZONE}
+            envFrom:
+              - secretRef:
+                  name: homepage-secret
+            probes:
+              startup:
+                enabled: true
+                spec:
+                  failureThreshold: 30
+                  periodSeconds: 5
+              liveness:
+                enabled: true
+              readiness:
+                enabled: true
+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities:
+                drop:
+                  - ALL
+    service:
+      homepage:
+        controller: homepage
+        ports:
+          http:
+            port: &port 3000
+    persistence:
+      config:
+        enabled: true
+        type: configMap
+        name: homepage-config
+        globalMounts:
+          - path: /app/config
+      logs:
+        enabled: true
+        type: emptyDir
+        globalMounts:
+          - path: /app/config/logs
+    ingress:
+      homepage:
+        enabled: true
+        className: internal
+        hosts:
+          - host: &host ${SECRET_DOMAIN}
+            paths:
+              - path: /
+                service:
+                  identifier: homepage
+                  port: http
+        tls:
+          - hosts:
+              - *host

kubernetes/raspberry/home/homepage/app/kustomization.yaml

@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: home
+resources:
+  - config.yaml
+  - helmrelease.yaml
+  - rbac.yaml
+  - secret.sops.yaml

kubernetes/raspberry/home/homepage/app/rbac.yaml

@@ -0,0 +1,49 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: homepage
+  namespace: home
+  labels:
+    app.kubernetes.io/name: homepage
+rules:
+  - apiGroups:
+      - ""
+    verbs:
+      - get
+      - list
+    resources:
+      - namespaces
+      - pods
+      - nodes
+  - apiGroups:
+      - extensions
+      - networking.k8s.io
+    verbs:
+      - get
+      - list
+    resources:
+      - ingresses
+  - apiGroups:
+      - metrics.k8s.io
+    verbs:
+      - get
+      - list
+    resources:
+      - nodes
+      - pods
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: homepage
+  namespace: home
+  labels:
+    app.kubernetes.io/name: homepage
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: homepage
+subjects:
+  - kind: ServiceAccount
+    name: homepage
+    namespace: home

kubernetes/raspberry/home/homepage/app/secret.sops.yaml

@@ -0,0 +1,41 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: homepage-secret
+    namespace: home
+data:
+    HOMEPAGE_VAR_CLOUDFLARE_ACCOUNT_ID: ENC[AES256_GCM,data:wDOnL9VuOpTZyzcPJUm6YiT0Vwwsqtpr0hO5yuWnWH12Mz057ndpLdFtguo=,iv:o9iU2BnJ+/tJCNSdy5SRniOd44XkngRuRwTO/oP7dqY=,tag:/unVfUByfvceM9inc7ArDQ==,type:str]
+    HOMEPAGE_VAR_CLOUDFLARE_API_TOKEN: ENC[AES256_GCM,data:5tO+yAyRDvqp77rXotMCoM8YlMyicEMyKpidTZyE9J2nqHsANCP8DYG0fQGInkxt1vXdJhXSKPE=,iv:UdB7pwryQlB2nBRbqqmNnT6VqYHblKXBh3kgxUl/vbo=,tag:y3SYSnp2fTqpgDqA6fJhEw==,type:str]
+    HOMEPAGE_VAR_CLOUDFLARE_TUNNEL_ID: ENC[AES256_GCM,data:aICkbjy1ycrgn0qiDyD+fTR9zDVMIZkGDIMZB3P3jn0RO494zKNnu4G1yF8KG4mZ,iv:40t6h3ovUlLLZMWg0pIIzOIB1YK5GBvhNvPM8PFOEw4=,tag:z6qCBfLgwXJpWAwZ4yX8Pw==,type:str]
+    HOMEPAGE_VAR_PIHOLE_TOKEN: ENC[AES256_GCM,data:9OqcgbGFaMj/HqPNdNuB52zgBptKnNI0QByfSRvDq1Lw8FOQmS+z/ewum7V36mT6xXzVc9o3u/Jr3JEiJe7O1o6I8EInXoEEMmPnE5EasCu+ij0GH4I3sg==,iv:KraybeD8sEfNe91fCy6rDGqSs8C8xOV3g6NnbcR9GYc=,tag:pN0Mbo8p5A/I3qsmZvNeuA==,type:str]
+    HOMEPAGE_VAR_PROXMOX_TOKEN_ID: ENC[AES256_GCM,data:I/Iw7pfYaN/K0tWB5zl3MueAqKndnVh9,iv:QFcd7u7qpf4EFkQo6DG28kPk+UZ13drJs5pvgX/MyjQ=,tag:lE4d/G7aBuvMEg9mk8ALzQ==,type:str]
+    HOMEPAGE_VAR_PROXMOX_TOKEN_SECRET: ENC[AES256_GCM,data:A1wF5m7XkPuithjRSC5EyjU32qdOEf6KzW9lT45BoayjIGgwB7mosIzmh+PiyeyE,iv:p7DCIC413OmF3GGRsOoUhgDoMB1eIY9fV0rLcvcv9+w=,tag:E+G02vZqoYxl+XdrGgXd+A==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1nkvss2a8xvmjauvr5mxzm233hyh2mk2fg4s6pt0t0kcn03dv34wqtgymg8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2OFNqMVpOSUpQcnhhUllV
+            T1EyNW1PY2JIRU9HdGNRbFJIOFBvMW1yV2xnCkxzc0NKOUE5V1JyWHIvZVJ1Z1k5
+            cXJ0UHdxdTFWZ2c3eWxxbUhEcittOHMKLS0tIHhWTS9oL1BLRjVMMnpnaUNIMXgw
+            WmZUTzdSckYzT01oaWpUNWJUQ1VXWlEKv4y/izWTTQpZhP+C1eSYILz/3/XaXqvF
+            CrrYTyCxX5ZpyiRg/XLQ+HTkxsJd29xHfCgxleUDRq2hBtUr1FGWRQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1wxwqdrmkwkzsxajp58g0cgeextgf4wq287fv82pptv9yghkfgcqql66zhj
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0UEhFb3dmaG1jNHo2Q0Nq
+            c1R4MWNLZktLTitGU29pVHlneUtMOFpIUEZVClIwS0lIdmtlaWV0RXJVWUlRZ29z
+            MFlpQUplbnQ0aG00N2hDWC91V1E4MU0KLS0tIE9VUFFNZWFvUjBFYm1PTkZOOFEw
+            UUo3Wk12MEcveGI4R2hCU0tzTkt0UWsKXggD14IjDI+QbrWvxJwrN2HCWTPWQQma
+            IVUDilHKFUGByOc0FfkXOenCs+eiettVCbHtkZMTFa8I6t3+0FUvnw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-10-27T14:41:04Z"
+    mac: ENC[AES256_GCM,data:DrkzQRgalHxALT990/lrtnVYNptkGwrZgf71W+e7QkQsrgZKkXk9eFUt3AX8ZnlBxDjSgohoBEcAL6hp6FYzHb00+y6zOvYd70eIgQXC9OoFawKu+CM5UgAN2svajgRl/vyCgrMrnaBOZk5ghpXGAn8vumYBJjO1zvhu5L8xOYQ=,iv:pM05xVAO0Q0/JF9WfR/lzFcBhMHZ3Gj+BzF5xbwLgAc=,tag:5muURBaIS4XIs6vpZ9UoNA==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.9.1

kubernetes/raspberry/home/homepage/ks.yaml

@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app homepage
+  namespace: flux-system
+spec:
+  targetNamespace: home
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./kubernetes/raspberry/home/homepage/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  wait: false
+  interval: 1h
+  retryInterval: 1m
+  timeout: 5m

kubernetes/raspberry/home/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - homepage/ks.yaml
+  - namespace.yaml

kubernetes/raspberry/home/namespace.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: home
+  labels:
+    kustomize.toolkit.fluxcd.io/prune: disabled