daniel/homelab
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add Immich Cluster Role and Secret

Browse Source
This commit is contained in:
Daniel Cosme
2026-04-30 18:18:09 -04:00
parent d3cea1aecd
commit 92bacccadb
8 changed files with 62 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
apps/hydra/linkding/kuztomization.yaml
View File

@@ -4,7 +4,7 @@ metadata:
name: linkding
namespace: linkding
resources:
- namespace.yaml
- srv.yaml
- pvc.yaml
- deployment.yaml
- namespace.yaml

23
apps/hydra/secrets/immich-db.yaml Normal file
View File

@@ -0,0 +1,23 @@
apiVersion: v1
kind: Secret
metadata:
name: immich
namespace: cnpg-system
stringData:
db_password: ENC[AES256_GCM,data:UUHuRIePSoOOxnla+A99xknb+jO3pDsWGh6ayhRXdq5j48TbzTXaCQ==,iv:I0mKgTs8TDZX9Xfzk7LMBocCbdPv+KJkVpHu2NjNP0I=,tag:97scyt6REfIKcVStRoMdeg==,type:str]
db_username: ENC[AES256_GCM,data:KqRpNF49,iv:7MCP/Z2NYIzfAAHSEaEzlXbmgbonP6qucHicR/9/yD8=,tag:ySljEz/xBwM1L8WFpr7sqA==,type:str]
sops:
age:
- recipient: age1lelpkv7u2xh5wezuwp09fmf9gsa8gp4rzy92jz0t203au82a7u5sutsjwa
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOUHhXb05PVjlvTXVzbWlJ
ZGFvSjh3ZjM1WXpuY3hYNjF4YUl1UmwyT1ZvCnFkeENINWl3Z1dSUDY4VW84WXlD
L3d0Qk0yL0pnTDBKOENKeldzZkpncDgKLS0tIGUvaTZlcHFVU0RETU5waWsyanFp
Ti9iSkNMdWRjWXljU3pxcHduUnhsQTgKe+0pzlKJ3mITrBMmcW1wASVpd99z4rvb
94iv/WgCJtD4T2qTaAcxbJY+hz58dA7Qnwm27d64wccZOMVgNR1WcA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-04-30T22:17:42Z"
mac: ENC[AES256_GCM,data:0AGAGfq4nC/Sxu9Jx6YZtsdM1CaMiZdbJcv/wyA+FzsCR962fpN1fCLQBFqQa39AKwL1OQGxWzq3QHnu7/4xCpiTP3fiU8n01rD0itdXF/POz9XIhixfsk1abCO1jikEcklj9f3sRLsa5+oKELKAtVomoOYKzQDK2GQbTNX0a3k=,iv:TuZKioijtYAzkWky6taii20j7JGbq7EeSvHqZaNVPew=,tag:MZOOYF3ha7/2xKsYPWtI3g==,type:str]
encrypted_regex: ^(data|stringData)$
version: 3.12.2

1
apps/hydra/secrets/kuztomization.yaml
View File

@@ -5,3 +5,4 @@ metadata:
resources:
- linkding.yaml
- truenas-csi.yaml
- immich-db.yaml

18
apps/hydra/secrets/linkding.yaml
View File

@@ -4,20 +4,20 @@ metadata:
name: linkding
namespace: linkding
stringData:
supe_user_name: ENC[AES256_GCM,data:XvTjgXWqxeY7kTdEu4ez3/w=,iv:7v9BWmQpqnNYYdWPyD07xIcHoJAwkrGq11d2wP49j14=,tag:GyZtZme1DheHjNFuBp7nbA==,type:str]
supe_user_password: ENC[AES256_GCM,data:ATUaLra8h2OFUP8DkRG5kvPqR+OZKzbGZRQ60ECrCTkh+//M81o0GBrX0Nc=,iv:UzKVJRYWjKhEs50GNkijG0XiPAkiGKXWtqHZSEFYEpY=,tag:ROali/QL3ihSyWgSXh091w==,type:str]
supe_user_name: ENC[AES256_GCM,data:kDeIwS4IcrXPPO6ZxkhPXf4=,iv:7IEB0WjRpNmQz7Vfwa6qZNWomACoXQwH3Y6SfIPdgd8=,tag:JGFwt7nfhR8HqpUlUb+Tqw==,type:str]
supe_user_password: ENC[AES256_GCM,data:+2N0zdCiCSiYguhAmggMHkPWjBDLZ1+oxh/F4W4sBfTk54K9z3CNBU9nUvw=,iv:JYUzvHpNM0ECKf9JDQfwcH0DnZDBo7YNgaPHJzslftk=,tag:r3PSQofyxNoLweZcz8OokA==,type:str]
sops:
age:
- recipient: age1lelpkv7u2xh5wezuwp09fmf9gsa8gp4rzy92jz0t203au82a7u5sutsjwa
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBocEdFTVhWT0dZUGZlTHhK
MjcxbFpFd3lydnJPMTV5T2pqblRVdnBZZ1FRCnFlV09oaFptY2JvTGVmZ3poQ2Nz
cm1IME13djMwbHJraVhPOEpBN1FqOEkKLS0tIEV5SkN1OXkxZDkrNFRhSEhoRDZC
RzlpNytqZGJOYW1BU0hOdFEyV3RjeEkKIWRRXhJTevlTCnlhoV3xoP6Kwtqt+aaE
wZECZ5N9Gk8JehsLkv5ShYxqcuenC8Rg/0Lc9Pmp6xhgJgWwJJzl+w==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuWWpDa1RCM20zblFiZEZG
MkcxVGlrN0thNURDaHIySU9xbG1CQ1FPNHowClBsUmpuVHVqaGNFWWd0VEVjYXFs
Yk5ZZ1BJVUQzMkFCbmRraUlSYkZ5SlEKLS0tIFBDZXlERFp2alJJelhrOER0S3pF
Vms3MW1sQm8yMk14OTk2THp0ZHpkc2MKiXJn3ZOUfh2W7UoYB2NHZ0Es9l7WJhaJ
9cbedKWQt53ySKYfWKSC742wJ+mQZTIyD4zxh4RmT7GL166N6yJSoQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-04-27T20:50:36Z"
mac: ENC[AES256_GCM,data:lh8FgtmZI59b/lHNAW6ScWG4yE/63hBkAbwhoaPwQNRSOAgTGG0xy147zqO7R/dryQmgjNBiZU8tD9KOmqoKRYvi10BxHbnT83gR3IpKSx2dTZldw2Odp1y7MJxsiG646N/CqsEKP4+K7oP4GZT/ERrq03dDDhN3ZFdsxg4Xuu0=,iv:TIswHRnyihQrrBPozXUiZv8XjXiZGqptlf7ckxLWTJo=,tag:x6z5SE94x9Ewej3XjHcUyA==,type:str]
lastmodified: "2026-04-30T22:17:42Z"
mac: ENC[AES256_GCM,data:38wsQscf4Ngz5RtBHvWK+aq6Qq2oKK5Y338akWTQW9CbObh+ltikJkx9xKYSwmSrLf9D9Cal5NCejqHCU2S32QbPR+Jf7E1V9KYScTuiHxLLiepYUYhyD+K8S8B9M0mupGuEsnfmW1gOV6VQepqhDmyw2D6UhoTz8MFSrrTnA4I=,iv:45wGTvc9Vx48xhl+bkpvBhlGNPSUJh9ZPaHH2Sov0NI=,tag:afIY1nQl2YS2J/kx/ZRWQw==,type:str]
encrypted_regex: ^(data|stringData)$
version: 3.12.2

16
apps/hydra/secrets/truenas-csi.yaml
View File

@@ -4,19 +4,19 @@ metadata:
name: truenas-csi-api-credentials
namespace: truenas-csi
stringData:
api-key: ENC[AES256_GCM,data:rLckxqJRQRrRf5t9r/9tkGau0Jmq0GWvIS6CuIb8DSa0p3PnmWZ8XxptPf0zYylcwVmcHTypU/rQXL1cVjovj61U,iv:nD50QitcpDVJ7Xrduqg4N75qa8m6Kei7LtDc5ZO0+fI=,tag:RFKG8rZ0HLQ+skJIzAV5NA==,type:str]
api-key: ENC[AES256_GCM,data:IH63ctc6uglYSpV5uQHQgd0uFrO7Y9yplN28xMIn1LD8eYO0zq/2BVVSaQ8i3+PWtV48nioJOBTVEzSVXQ7YlKMm,iv:bSapMu05DNksTHNwVH9QJ/rbsipJBRkb9GlpSbQbXiw=,tag:xyTAI7OOfQsa2f8ro4XmKg==,type:str]
sops:
age:
- recipient: age1lelpkv7u2xh5wezuwp09fmf9gsa8gp4rzy92jz0t203au82a7u5sutsjwa
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVWldlbGNyK2lHUTFQUGI2
aWxVZERyYXRDYVEwVTRyVkorSG1sMkxnWkRZCk1NM0hPNEc1YjY2Y2lFL3lMUkFk
RmZYamhJSGFUc2hXQm9IMnJFdUZoRGMKLS0tIFZWM1FTSkZnU0NEd1YycnpnYVFQ
M2NsdTdjMlZvSUluU1d5TG1CMXdpcnMKQWmdbo9Clk7SGmD6AwXfcZnbbXKrMgti
q2Cn+ZRDvZEYwQtMp/ob8iwbrl9KrUURNq/1GkmCjy73fy+MzTCnCQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwZFMxTUpLMGJmejNYYkN1
TjBRQnE5V2pZSTY3QWp1cDJpRGh6S3BmbnpvCnVXZ1kreGlIZ2VOUU0vMDJnQTBs
Kzh5WEdEZzZpanBQbGllT0VaSmZvbjgKLS0tIDBQc2RENHZyWVZTS2ZCQ0hiQnRu
c2c1enpDM0tCU0lkZFdpbjIvREh0QWMKc8W2CXxdvFSNuel7Wls3dS/+fayXE1cu
ghx+vlWQK+3CjDla+dTSd8UJwcA1YNkW6kRepuMP+4+P5jCR/3uyNg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-04-27T20:50:36Z"
mac: ENC[AES256_GCM,data:Rc3fcgj1BZR+jK4pHmukqPfdsZuxv/31RFLQJ8oV8XvU3eN1eedaS9DPUPss3VyLSnc0hjwlcCkd/QwNxeAUg3rHgWt5tc5m2nxIcjuHyuTMpoXvQ3xzOzTfC/DsewpKHuGR6lfF74x4SFZrwoocZztMh6i930lzfBk4FV4q0/Q=,iv:gA+XJvUYYDpPmNRmoeJvcu/J0rFvWGU+umUnem5tcfI=,tag:92ArjqfdFjV3qtJn2bK+Jw==,type:str]
lastmodified: "2026-04-30T22:17:42Z"
mac: ENC[AES256_GCM,data:QOSR+wLE3l/wBIR2ztIYt7BYWpXB5b8Sm8LBeZNU1xNJOigaAVyXYRnEW5Cy38fUVH+RWx/5JALEanF1yLRok98IvAAe6FSdOO5h+SniKDO61s/o7SWEQdpEzXVU7iVhYgjWNeyNNFbqzLwkJ8/weli9AobN36H+zUOTR/EI9ek=,iv:HfchJ4eyKncJLX1EONXmJF14lZW43EE4FuP/xoeScL0=,tag:rNf0UN6KWBMH5umKheZC1Q==,type:str]
encrypted_regex: ^(data|stringData)$
version: 3.12.2

6
infrastructure/hydra/cloud-native-pg/pg-cluster.yaml
View File

@@ -6,7 +6,11 @@ metadata:
spec:
affinity: {}
instances: 3
managed: {}
managed:
roles:
- name: immich
passwordSecret:
name: immich
postgresql:
syncReplicaElectionConstraint:
enabled: false

12
infrastructure/hydra/truenas-csi/kuztomization.yaml
View File

@@ -4,16 +4,16 @@ metadata:
name: truenas-csi
namespace: truenas-csi
resources:
- controller-deployment.yaml
- node-deamonset.yaml
- CSIDriver.yaml
- nfs-storage-class.yaml
- iscsi-storage-class.yaml
- namespace.yaml
- controller-service-account.yaml
- controller-cluster-role.yaml
- controller-binding.yaml
- node-service-account.yaml
- node-deamonset.yaml
- CSIDriver.yaml
- config.yaml
- controller-deployment.yaml
- node-cluster-role.yaml
- node-binding.yaml
- nfs-storage-class.yaml
- iscsi-storage-class.yaml
- config.yaml

10
pkg/cnpg/cluster.go
View File

@@ -2,6 +2,7 @@ package cnpg
import (
"danicos.dev/daniel/go-kube/pkg/kube"
"danicos.dev/daniel/homelab/pkg/immich"
"danicos.dev/daniel/homelab/pkg/root"
kube_cnpg "danicos.dev/daniel/go-kube/pkg/cnpg"
@@ -22,7 +23,14 @@ func Cluster() pg.Cluster {
},
},
Managed: &pg.ManagedConfiguration{
Roles: []pg.RoleConfiguration{},
Roles: []pg.RoleConfiguration{
{
Name: root.Immich.Name,
PasswordSecret: &pg.LocalObjectReference{
Name: immich.Secret.Name,
},
},
},
},
}
return kube_cnpg.NewCluster(meta, spec)