diff --git a/inventory.yml b/inventory.yml index dc05319..b34653a 100644 --- a/inventory.yml +++ b/inventory.yml @@ -74,6 +74,11 @@ home_k8s: k8s-node-3: home_network: true +home_k8s_usb: + hosts: + k8s-node-usb-0: + home_network: true + forgejo_runners: hosts: forgejo-runner-0: @@ -101,3 +106,8 @@ seedboxes: hosts: seedbox.janky.solutions: ansible_host: 142.132.212.219 + +signal_bots: + hosts: + signald-2: + home_network: true diff --git a/k8s/adsb/config.yaml b/k8s/adsb/config.yaml new file mode 100644 index 0000000..0fb33db --- /dev/null +++ b/k8s/adsb/config.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: ultrafeeder + namespace: adsb +data: + LOGLEVEL: verbose + FEEDER_NAME: finn-kube + TZ: America/Los_Angeles + FEEDER_TZ: America/Los_Angeles + READSB_LAT: "47.6776539" + READSB_LON: "-122.3313249" + READSB_ALT: "100ft" + READSB_DEVICE_TYPE: rtlsdr + READSB_RTLSDR_DEVICE: "00000001" + UPDATE_TAR1090: "true" diff --git a/k8s/adsb/rtltcp.yaml b/k8s/adsb/rtltcp.yaml new file mode 100644 index 0000000..caf8515 --- /dev/null +++ b/k8s/adsb/rtltcp.yaml @@ -0,0 +1,43 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: rtltcp + namespace: adsb +spec: + selector: + matchLabels: + app: rtltcp + replicas: 1 + template: + metadata: + labels: + app: rtltcp + spec: + tolerations: + - key: "rtlsdr" + value: "true" + effect: "NoSchedule" + containers: + - image: git.janky.solutions/jankysolutions/rtltcp:latest + name: rtltcp + args: ["rtl_tcp", "-a", "0.0.0.0"] + resources: + limits: + janky.solutions/rtlsdr: "1" + ports: + - name: rtltcp + containerPort: 1234 +--- +apiVersion: v1 +kind: Service +metadata: + name: rtltcp + namespace: adsb +spec: + type: NodePort + ports: + - name: rtltcp + port: 1234 + nodePort: 30002 + selector: + app: rtltcp diff --git a/k8s/adsb/ultrafeeder.yaml b/k8s/adsb/ultrafeeder.yaml new file mode 100644 index 0000000..5282449 --- /dev/null +++ b/k8s/adsb/ultrafeeder.yaml @@ -0,0 +1,85 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: ultrafeeder + namespace: adsb +spec: + selector: + matchLabels: + app: ultrafeeder + serviceName: ultrafeeder + replicas: 1 + template: + metadata: + labels: + app: ultrafeeder + spec: + tolerations: + - key: "rtlsdr" + value: "true" + effect: "NoSchedule" + containers: + - image: ghcr.io/sdr-enthusiasts/docker-adsb-ultrafeeder + name: ultrafeeder + # args: ["start-dev"] + resources: + limits: + janky.solutions/rtlsdr: "1" + volumeMounts: + - name: ultrafeeder-collectd + mountPath: /var/lib/collectd + - name: ultrafeeder-globe-history + mountPath: /var/globe_history + envFrom: + - configMapRef: + name: ultrafeeder + ports: + - name: web + containerPort: 80 + volumeClaimTemplates: + - metadata: + name: ultrafeeder-collectd + spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 1Gi + - metadata: + name: ultrafeeder-globe-history + spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 1Gi +--- +apiVersion: v1 +kind: Service +metadata: + name: ultrafeeder + namespace: adsb +spec: + type: NodePort + ports: + - name: web + port: 80 + selector: + app: ultrafeeder +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: ultrafeeder + namespace: adsb +spec: + rules: + - host: adsb.k8s.home.finn.io + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: ultrafeeder + port: + name: web + diff --git a/k8s/generic-device-plugin/ds.yaml b/k8s/generic-device-plugin/ds.yaml new file mode 100644 index 0000000..c3f0997 --- /dev/null +++ b/k8s/generic-device-plugin/ds.yaml @@ -0,0 +1,70 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: generic-device-plugin + namespace: kube-system + labels: + app.kubernetes.io/name: generic-device-plugin +spec: + selector: + matchLabels: + app.kubernetes.io/name: generic-device-plugin + template: + metadata: + labels: + app.kubernetes.io/name: generic-device-plugin + spec: + priorityClassName: system-node-critical + tolerations: + - key: "rtlsdr" + value: "true" + effect: "NoSchedule" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: device + operator: In + values: + - rtlsdr + containers: + - image: squat/generic-device-plugin + args: + - --domain + - janky.solutions + - --device + - | + name: rtlsdr + groups: + - count: 2 + usb: + - vendor: "0BDA" + product: "2838" + name: generic-device-plugin + resources: + requests: + cpu: 50m + memory: 10Mi + limits: + cpu: 50m + memory: 20Mi + ports: + - containerPort: 8080 + name: http + securityContext: + privileged: true + volumeMounts: + - name: device-plugin + mountPath: /var/lib/kubelet/device-plugins + - name: dev + mountPath: /dev + volumes: + - name: device-plugin + hostPath: + path: /var/lib/kubelet/device-plugins + - name: dev + hostPath: + path: /dev + updateStrategy: + type: RollingUpdate diff --git a/k8s/namespaces.yaml b/k8s/namespaces.yaml index 2424c27..d4e003d 100644 --- a/k8s/namespaces.yaml +++ b/k8s/namespaces.yaml @@ -42,3 +42,13 @@ apiVersion: v1 kind: Namespace metadata: name: shlink +--- +apiVersion: v1 +kind: Namespace +metadata: + name: keycloak +--- +apiVersion: v1 +kind: Namespace +metadata: + name: adsb diff --git a/playbook-home-k8s-usb.yaml b/playbook-home-k8s-usb.yaml new file mode 100644 index 0000000..c145e3a --- /dev/null +++ b/playbook-home-k8s-usb.yaml @@ -0,0 +1,7 @@ +- hosts: home_k8s_usb + vars: + ansible_user: root + roles: + - base + - monitoring + - k8s-usb-node diff --git a/playbook-signal-bots.yaml b/playbook-signal-bots.yaml new file mode 100644 index 0000000..795a364 --- /dev/null +++ b/playbook-signal-bots.yaml @@ -0,0 +1,7 @@ +- hosts: signal_bots + vars: + ansible_user: root + roles: + - base + - monitoring + - signal-bots diff --git a/roles/k8s-usb-node/tasks/main.yml b/roles/k8s-usb-node/tasks/main.yml new file mode 100644 index 0000000..d34800d --- /dev/null +++ b/roles/k8s-usb-node/tasks/main.yml @@ -0,0 +1,4 @@ +- name: blacklist problematic kernel modules + template: + src: modprobe-blacklist.conf + dest: /etc/modprobe.d/blacklist.conf diff --git a/roles/k8s-usb-node/templates/modprobe-blacklist.conf b/roles/k8s-usb-node/templates/modprobe-blacklist.conf new file mode 100644 index 0000000..e88322e --- /dev/null +++ b/roles/k8s-usb-node/templates/modprobe-blacklist.conf @@ -0,0 +1,3 @@ +{% for module in modprobe_blacklist %} +blacklist {{ module }} +{% endfor %} diff --git a/roles/k8s-usb-node/vars/main.yaml b/roles/k8s-usb-node/vars/main.yaml new file mode 100644 index 0000000..879347a --- /dev/null +++ b/roles/k8s-usb-node/vars/main.yaml @@ -0,0 +1,10 @@ +modprobe_blacklist: + - dvb_core + - dvb_usb_rtl2832u + - dvb_usb_rtl28xxu + - dvb_usb_v2 + - r820t + - rtl2830 + - rtl2832 + - rtl2832_sdr + - rtl2838 diff --git a/roles/signal-bots/handlers/main.yml b/roles/signal-bots/handlers/main.yml new file mode 100644 index 0000000..809728c --- /dev/null +++ b/roles/signal-bots/handlers/main.yml @@ -0,0 +1,19 @@ +- name: install react-bot python dependencies + command: /usr/bin/pipenv run pip install git+https://github.com/lwesterhof/semaphore.git + args: + chdir: /home/react-bot/react-bot + become: true + become_user: react-bot + +- name: systemctl daemon-reload + command: systemctl daemon-reload + +- name: restart signald + service: + name: signald + state: restarted + +- name: restart react-bot + service: + name: react-bot + state: restarted diff --git a/roles/signal-bots/tasks/main.yaml b/roles/signal-bots/tasks/main.yaml new file mode 100644 index 0000000..29890ea --- /dev/null +++ b/roles/signal-bots/tasks/main.yaml @@ -0,0 +1,28 @@ +- name: install podman + apt: + name: [podman] + +- name: configure signald service + template: + src: signald.service + dest: /etc/systemd/system/signald.service + notify: + - systemctl daemon-reload + - restart signald + +- name: enable signald service + service: + name: signald + enabled: true + +- name: make /var/signald + file: + path: /var/signald + state: directory + +- name: create signald group + group: + name: signald + gid: 1337 + +- include_tasks: react-bot.yaml diff --git a/roles/signal-bots/tasks/react-bot.yaml b/roles/signal-bots/tasks/react-bot.yaml new file mode 100644 index 0000000..691d93e --- /dev/null +++ b/roles/signal-bots/tasks/react-bot.yaml @@ -0,0 +1,40 @@ +- name: install react-bot dependencies + apt: + name: [pipenv, git] + +- name: create react-bot user + user: + name: react-bot + groups: signald + +- name: clone the repo + git: + repo: https://gitlab.com/thefinn93/react-bot + dest: /home/react-bot/react-bot + notify: + - install react-bot python dependencies + - restart react-bot + become: true + become_user: react-bot + +- name: configure react-bot + template: + src: react-bot.json + dest: /home/react-bot/react-bot/settings.json + notify: + - restart react-bot + become: true + become_user: react-bot + +- name: install react-bot.service + template: + src: react-bot.service + dest: /etc/systemd/system/react-bot.service + notify: + - systemctl daemon-reload + - restart react-bot + +- name: enable react-bot service + service: + name: react-bot + enabled: true diff --git a/roles/signal-bots/templates/react-bot.json b/roles/signal-bots/templates/react-bot.json new file mode 100644 index 0000000..ff1f594 --- /dev/null +++ b/roles/signal-bots/templates/react-bot.json @@ -0,0 +1,90 @@ +{ + "account": "d889ebb7-996d-4933-902c-0bf885c9c4cc", + "account_uuid": "d889ebb7-996d-4933-902c-0bf885c9c4cc", + "custom": { + "add": { + "🍑": [ + "booty", + "butt" + ], + "🍆": [ + "dick", + "penis" + ], + "🐓": [ + "cock" + ], + "đŸŠģ": [ + "xray" + ], + "🧌": [ + "troll" + ], + "đŸĒ¸": [ + "coral" + ], + "đŸĢĩ": [ + "you" + ], + "đŸĢ˜": [ + "beans" + ], + "đŸĢ™": [ + "jar" + ], + "đŸĒˇ": [ + "lotus" + ], + "đŸĢ ": [ + "melt" + ], + "đŸŠŧ": [ + "crutch" + ], + "đŸĒŠ": [ + "disco" + ], + "🛞": [ + "wheel" + ], + "🛝": [ + "slide" + ], + "đŸĢ°": [ + "snap" + ], + "🐖": [ + "police", + "cops", + "cop" + ], + "đŸŊ": [ + "police", + "cops", + "cop" + ], + "🐷": [ + "police", + "cops", + "cop" + ], + "👮": [ + "pig", + "pigs" + ], + "🚓": [ + "pig", + "pigs" + ], + "🚔": [ + "pig", + "pigs" + ] + }, + "remove": { + "đŸĒ ": [ + "toilet" + ] + } + } +} diff --git a/roles/signal-bots/templates/react-bot.service b/roles/signal-bots/templates/react-bot.service new file mode 100644 index 0000000..070a07c --- /dev/null +++ b/roles/signal-bots/templates/react-bot.service @@ -0,0 +1,13 @@ +[Unit] +Description=React Bot +Wants=network.target + +[Service] +Type=simple +ExecStart=/usr/bin/pipenv run python bot.py +User=react-bot +WorkingDirectory=/home/react-bot/react-bot +Restart=always + +[Install] +WantedBy=multi-user.target diff --git a/roles/signal-bots/templates/signald.service b/roles/signal-bots/templates/signald.service new file mode 100644 index 0000000..9df1da1 --- /dev/null +++ b/roles/signal-bots/templates/signald.service @@ -0,0 +1,16 @@ +[Unit] +Description=signald +Wants=network.target + +[Service] +Type=simple +ExecStartPre=/usr/bin/podman pull git.janky.solutions/signald/signald:dev +ExecStartPre=-/usr/bin/podman stop signald +ExecStartPre=-/usr/bin/podman rm signald +ExecStartPre=/usr/bin/mkdir -p /var/run/signald +ExecStartPre=/usr/bin/chown 1337:signald /var/run/signald +ExecStart=/usr/bin/podman run --rm -v /var/run/signald:/var/run/signald -v /var/signald:/signald --name signald -p 9595:9595 git.janky.solutions/signald/signald:dev --socket /var/run/signald/signald.sock --metrics --trust-new-keys --verbose +Restart=always + +[Install] +WantedBy=multi-user.target