misck new things

inventory.yml

@@ -74,6 +74,11 @@ home_k8s:
     k8s-node-3:
       home_network: true
 
+home_k8s_usb:
+  hosts:
+    k8s-node-usb-0:
+      home_network: true
+
 forgejo_runners:
   hosts:
     forgejo-runner-0:
@@ -101,3 +106,8 @@ seedboxes:
   hosts:
     seedbox.janky.solutions:
       ansible_host: 142.132.212.219
+
+signal_bots:
+  hosts:
+    signald-2:
+      home_network: true

k8s/adsb/config.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: ultrafeeder
+  namespace: adsb
+data:
+  LOGLEVEL: verbose
+  FEEDER_NAME: finn-kube
+  TZ: America/Los_Angeles
+  FEEDER_TZ: America/Los_Angeles
+  READSB_LAT: "47.6776539"
+  READSB_LON: "-122.3313249"
+  READSB_ALT: "100ft"
+  READSB_DEVICE_TYPE: rtlsdr
+  READSB_RTLSDR_DEVICE: "00000001"
+  UPDATE_TAR1090: "true"

k8s/adsb/rtltcp.yaml

@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: rtltcp
+  namespace: adsb
+spec:
+  selector:
+    matchLabels:
+      app: rtltcp
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: rtltcp
+    spec:
+      tolerations:
+      - key: "rtlsdr"
+        value: "true"
+        effect: "NoSchedule"
+      containers:
+      - image: git.janky.solutions/jankysolutions/rtltcp:latest
+        name: rtltcp
+        args: ["rtl_tcp", "-a", "0.0.0.0"]
+        resources:
+          limits:
+            janky.solutions/rtlsdr: "1"
+        ports:
+          - name: rtltcp
+            containerPort: 1234
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: rtltcp
+  namespace: adsb
+spec:
+  type: NodePort
+  ports:
+  - name: rtltcp
+    port: 1234
+    nodePort: 30002
+  selector:
+    app: rtltcp

k8s/adsb/ultrafeeder.yaml

@@ -0,0 +1,85 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: ultrafeeder
+  namespace: adsb
+spec:
+  selector:
+    matchLabels:
+      app: ultrafeeder
+  serviceName: ultrafeeder
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: ultrafeeder
+    spec:
+      tolerations:
+      - key: "rtlsdr"
+        value: "true"
+        effect: "NoSchedule"
+      containers:
+      - image: ghcr.io/sdr-enthusiasts/docker-adsb-ultrafeeder
+        name: ultrafeeder
+        # args: ["start-dev"]
+        resources:
+          limits:
+            janky.solutions/rtlsdr: "1"
+        volumeMounts:
+          - name: ultrafeeder-collectd
+            mountPath: /var/lib/collectd
+          - name: ultrafeeder-globe-history
+            mountPath: /var/globe_history
+        envFrom:
+          - configMapRef:
+              name: ultrafeeder
+        ports:
+          - name: web
+            containerPort: 80
+  volumeClaimTemplates:
+  - metadata:
+      name: ultrafeeder-collectd
+    spec:
+      accessModes: ["ReadWriteOnce"]
+      resources:
+        requests:
+          storage: 1Gi
+  - metadata:
+      name: ultrafeeder-globe-history
+    spec:
+      accessModes: ["ReadWriteOnce"]
+      resources:
+        requests:
+          storage: 1Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: ultrafeeder
+  namespace: adsb
+spec:
+  type: NodePort
+  ports:
+  - name: web
+    port: 80
+  selector:
+    app: ultrafeeder
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ultrafeeder
+  namespace: adsb
+spec:
+  rules:
+    - host: adsb.k8s.home.finn.io
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name:  ultrafeeder
+                port:
+                  name: web
+

k8s/generic-device-plugin/ds.yaml

@@ -0,0 +1,70 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: generic-device-plugin
+  namespace: kube-system
+  labels:
+    app.kubernetes.io/name: generic-device-plugin
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: generic-device-plugin
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: generic-device-plugin
+    spec:
+      priorityClassName: system-node-critical
+      tolerations:
+      - key: "rtlsdr"
+        value: "true"
+        effect: "NoSchedule"
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: device
+                operator: In
+                values:
+                - rtlsdr
+      containers:
+      - image: squat/generic-device-plugin
+        args:
+        - --domain
+        - janky.solutions
+        - --device
+        - |
+          name: rtlsdr
+          groups:
+            - count: 2
+              usb:
+              - vendor: "0BDA"
+                product: "2838"
+        name: generic-device-plugin
+        resources:
+          requests:
+            cpu: 50m
+            memory: 10Mi
+          limits:
+            cpu: 50m
+            memory: 20Mi
+        ports:
+        - containerPort: 8080
+          name: http
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - name: device-plugin
+          mountPath: /var/lib/kubelet/device-plugins
+        - name: dev
+          mountPath: /dev
+      volumes:
+      - name: device-plugin
+        hostPath:
+          path: /var/lib/kubelet/device-plugins
+      - name: dev
+        hostPath:
+          path: /dev
+  updateStrategy:
+    type: RollingUpdate

k8s/namespaces.yaml

@@ -42,3 +42,13 @@ apiVersion: v1
 kind: Namespace
 metadata:
   name: shlink
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: keycloak
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: adsb

playbook-home-k8s-usb.yaml

@@ -0,0 +1,7 @@
+- hosts: home_k8s_usb
+  vars:
+    ansible_user: root
+  roles:
+    - base
+    - monitoring
+    - k8s-usb-node

playbook-signal-bots.yaml

@@ -0,0 +1,7 @@
+- hosts: signal_bots
+  vars:
+    ansible_user: root
+  roles:
+    - base
+    - monitoring
+    - signal-bots

roles/k8s-usb-node/tasks/main.yml

@@ -0,0 +1,4 @@
+- name: blacklist problematic kernel modules
+  template:
+    src: modprobe-blacklist.conf
+    dest: /etc/modprobe.d/blacklist.conf

roles/k8s-usb-node/templates/modprobe-blacklist.conf

@@ -0,0 +1,3 @@
+{% for module in modprobe_blacklist %}
+blacklist {{ module }}
+{% endfor %}

roles/k8s-usb-node/vars/main.yaml

@@ -0,0 +1,10 @@
+modprobe_blacklist:
+  - dvb_core
+  - dvb_usb_rtl2832u
+  - dvb_usb_rtl28xxu
+  - dvb_usb_v2
+  - r820t
+  - rtl2830
+  - rtl2832
+  - rtl2832_sdr
+  - rtl2838

roles/signal-bots/handlers/main.yml

@@ -0,0 +1,19 @@
+- name: install react-bot python dependencies
+  command: /usr/bin/pipenv run pip install git+https://github.com/lwesterhof/semaphore.git
+  args:
+    chdir: /home/react-bot/react-bot
+  become: true
+  become_user: react-bot
+
+- name: systemctl daemon-reload
+  command: systemctl daemon-reload
+
+- name: restart signald
+  service:
+    name: signald
+    state: restarted
+
+- name: restart react-bot
+  service:
+    name: react-bot
+    state: restarted

roles/signal-bots/tasks/main.yaml

@@ -0,0 +1,28 @@
+- name: install podman
+  apt:
+    name: [podman]
+
+- name: configure signald service
+  template:
+    src: signald.service
+    dest: /etc/systemd/system/signald.service
+  notify:
+    - systemctl daemon-reload
+    - restart signald
+
+- name: enable signald service
+  service:
+    name: signald
+    enabled: true
+
+- name: make /var/signald
+  file:
+    path: /var/signald
+    state: directory
+
+- name: create signald group
+  group:
+    name: signald
+    gid: 1337
+
+- include_tasks: react-bot.yaml

roles/signal-bots/tasks/react-bot.yaml

@@ -0,0 +1,40 @@
+- name: install react-bot dependencies
+  apt:
+    name: [pipenv, git]
+
+- name: create react-bot user
+  user:
+    name: react-bot
+    groups: signald
+
+- name: clone the repo
+  git:
+    repo: https://gitlab.com/thefinn93/react-bot
+    dest: /home/react-bot/react-bot
+  notify:
+    - install react-bot python dependencies
+    - restart react-bot
+  become: true
+  become_user: react-bot
+
+- name: configure react-bot
+  template:
+    src: react-bot.json
+    dest: /home/react-bot/react-bot/settings.json
+  notify:
+    - restart react-bot
+  become: true
+  become_user: react-bot
+
+- name: install react-bot.service
+  template:
+    src: react-bot.service
+    dest: /etc/systemd/system/react-bot.service
+  notify:
+    - systemctl daemon-reload
+    - restart react-bot
+
+- name: enable react-bot service
+  service:
+    name: react-bot
+    enabled: true

roles/signal-bots/templates/react-bot.json

@@ -0,0 +1,90 @@
+{
+    "account": "d889ebb7-996d-4933-902c-0bf885c9c4cc",
+    "account_uuid": "d889ebb7-996d-4933-902c-0bf885c9c4cc",
+    "custom": {
+        "add": {
+            "🍑": [
+                "booty",
+                "butt"
+            ],
+            "🍆": [
+                "dick",
+                "penis"
+            ],
+            "🐓": [
+                "cock"
+            ],
+            "🩻": [
+                "xray"
+            ],
+            "🧌": [
+                "troll"
+            ],
+            "🪸": [
+                "coral"
+            ],
+            "🫵": [
+                "you"
+            ],
+            "🫘": [
+                "beans"
+            ],
+            "🫙": [
+                "jar"
+            ],
+            "🪷": [
+                "lotus"
+            ],
+            "🫠": [
+                "melt"
+            ],
+            "🩼": [
+                "crutch"
+            ],
+            "🪩": [
+                "disco"
+            ],
+            "🛞": [
+                "wheel"
+            ],
+            "🛝": [
+                "slide"
+            ],
+            "🫰": [
+                "snap"
+            ],
+            "🐖": [
+                "police",
+                "cops",
+                "cop"
+            ],
+            "🐽": [
+                "police",
+                "cops",
+                "cop"
+            ],
+            "🐷": [
+                "police",
+                "cops",
+                "cop"
+            ],
+            "👮": [
+                "pig",
+                "pigs"
+            ],
+            "🚓": [
+                "pig",
+                "pigs"
+            ],
+            "🚔": [
+                "pig",
+                "pigs"
+            ]
+        },
+        "remove": {
+            "🪠": [
+                "toilet"
+            ]
+        }
+    }
+}

roles/signal-bots/templates/react-bot.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=React Bot
+Wants=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/pipenv run python bot.py
+User=react-bot
+WorkingDirectory=/home/react-bot/react-bot
+Restart=always
+
+[Install]
+WantedBy=multi-user.target

roles/signal-bots/templates/signald.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=signald
+Wants=network.target
+
+[Service]
+Type=simple
+ExecStartPre=/usr/bin/podman pull git.janky.solutions/signald/signald:dev
+ExecStartPre=-/usr/bin/podman stop signald
+ExecStartPre=-/usr/bin/podman rm signald
+ExecStartPre=/usr/bin/mkdir -p /var/run/signald
+ExecStartPre=/usr/bin/chown 1337:signald /var/run/signald
+ExecStart=/usr/bin/podman run --rm -v /var/run/signald:/var/run/signald -v /var/signald:/signald --name signald -p 9595:9595 git.janky.solutions/signald/signald:dev --socket /var/run/signald/signald.sock --metrics --trust-new-keys --verbose
+Restart=always
+
+[Install]
+WantedBy=multi-user.target