migrate owntracks here

apps/camper/owntracks-fe/configmap.yaml

@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: frontend
+  labels:
+    app: frontend
+data:
+  config.js: |
+    // Here you can overwite the default configuration values
+    const startDateTime = new Date();
+    startDateTime.setHours(0, 0, 0, 0);
+    startDateTime.setDate(startDateTime.getDate() - 1);
+    window.owntracks = window.owntracks || {};
+    window.owntracks.config = {
+      map: {
+        center: {
+          lat: 47.387963765838066,
+          lng: 8.45552444458008,
+        },
+        zoom: 13,
+      },
+      startDateTime,
+    };

apps/camper/owntracks-fe/deployment.yaml

@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: frontend
+  labels:
+    app: frontend
+spec:
+  selector:
+    matchLabels:
+      app: frontend
+  strategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: frontend
+    spec:
+      containers:
+        - name: frontend
+          env:
+            - name: SERVER_HOST
+              value: recorder.owntracks
+            - name: SERVER_PORT
+              value: "8083"
+            - name: LISTEN_PORT
+              value: "8083"
+          image: git.tbrnt.ch/tobru/ot-frontend:2.12.0
+          imagePullPolicy: IfNotPresent
+          volumeMounts:
+            - mountPath: /usr/share/nginx/html/config
+              name: config
+          ports:
+            - containerPort: 8083
+              protocol: TCP
+              name: nginx
+          resources: {}
+      volumes:
+        - name: config
+          configMap:
+            name: frontend
+      imagePullSecrets:
+        - name: registry

apps/camper/owntracks-fe/ingress.yaml

@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod-desec
+    traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
+  name: frontend
+  labels:
+    app: frontend
+spec:
+  rules:
+    - host: whereis.camper.tobru.ch
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: frontend
+                port:
+                  number: 8083
+  tls:
+    - hosts:
+        - whereis.camper.tobru.ch
+      secretName: ingress-cert

apps/camper/owntracks-fe/kustomization.yaml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - configmap.yaml
+  - deployment.yaml
+  - ingress.yaml
+  - service.yaml
+generators:
+  - secret-generator.yaml

apps/camper/owntracks-fe/secret-generator.yaml

@@ -0,0 +1,6 @@
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+  name: secret-generator
+files:
+  - secret-registry.sops.yaml

apps/camper/owntracks-fe/secret-registry.sops.yaml

@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: registry
+type: kubernetes.io/dockerconfigjson
+stringData:
+    .dockerconfigjson: ENC[AES256_GCM,data:0JTfrSSlsJBNLa1XVMxRi5d3uPDioFvjTI0LIf3MuEVJtI7uG43YZvk599ygoREcsSehhNoVcSksZUaPNQ2Xat2u+UBb1hXlZPq1n5eZT7qQQcV5yTg5QCq/tN/gfoWRmvNgyUZTrY8Yr+jttR6njBI5/O76to+rW9D9+xqQd9p1XyHWwIQ7Skh6a7JTQhnwjCvT+7qL45gaI8Q=,iv:K4ZjqH+9cO1//Xk8MPBieqB/TDOfIFwSoShSkZyl1Lo=,tag:nx6Tq/6NqL9hlGJXfMXCQg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1dfk8euu7afvw7ge5l2qek45z23hdq5anjd56cy4d7kcsf0e0e5pqfjylx8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLVTd3RHFCZnZjenY2cDBW
+            WStFd0VwUFErb3QwVGV6WE11WURLYVBDd1d3CmVhREFkVU9hcmRURENCRWJMRDFM
+            azJhd25wbGk2Zm1HaVpzMmJxek43Q28KLS0tIFduaHVHQ3lIK2VDY1hia3lmQWlY
+            Y3o0enFmYks2ejhRNTRrbStpWEJYRncKlxkmvm0lK9u2W1XlTKym0Z2eKmlGCcbc
+            h9nT0VBsvtiLJqHrC8SfSN5LmjJb9CAehUy+Xz3wpcyiVS64Z81cKw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-02-25T20:00:50Z"
+    mac: ENC[AES256_GCM,data:G7i+MCwzjZ4lhJnzf1vC01vallvgAsGYiZNx3HqXQvc8fpG0aM9xqUtehdaXKxUhUbi1v/PN+XxKyYcSusl3wwnSMg27axOZm3Jwd5wjycpeaV6QW0jyzIDqkAvk9oOu3o2itGHVw7tRlvfWWk5Jm2MnQTTn9j5tWAO4Gb+hilE=,iv:ocIw7USxzq2NybZ+MVKL50djAfeImXzR/NHghWAIgRI=,tag:zGSSVQNyJ5NHiaq/i7sMJQ==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.8.1

apps/camper/owntracks-fe/service.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: frontend
+  labels:
+    app: frontend
+spec:
+  ports:
+    - port: 8083
+      protocol: TCP
+      targetPort: 8083
+  selector:
+    app: frontend
+  type: ClusterIP

apps/camper/owntracks/deployment.yaml

@@ -0,0 +1,65 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: recorder
+  labels:
+    app: recorder
+spec:
+  selector:
+    matchLabels:
+      app: recorder
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: recorder
+    spec:
+      containers:
+        - name: recorder
+          env:
+            - name: OTR_HOST
+              value: mqtt-plain.mosquitto.svc.cluster.local
+            - name: OTR_HTTPPREFIX
+              value: https://owntracks.camper.tobru.ch
+            - name: OTR_TOPICS
+              value: "owntracks/#"
+            - name: OTR_HTTPHOST
+              value: "0.0.0.0"
+          envFrom:
+            - secretRef:
+                name: recorder
+          image: git.tbrnt.ch/tobru/ot-recorder:0.9.7
+          imagePullPolicy: IfNotPresent
+          command:
+            - ot-recorder
+          ports:
+            - containerPort: 8083
+              protocol: TCP
+              name: recorder
+          livenessProbe:
+            httpGet:
+              path: /api/0/monitor
+              port: 8083
+            initialDelaySeconds: 1
+            periodSeconds: 30
+          volumeMounts:
+            - name: data
+              mountPath: /store
+          securityContext:
+            runAsUser: 9999
+            runAsGroup: 9999
+          tty: true
+          resources:
+            requests:
+              memory: 32Mi
+              cpu: 100m
+            limits:
+              memory: 128Mi
+              cpu: 300m
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: owntracks-data
+      imagePullSecrets:
+        - name: registry

apps/camper/owntracks/ingress.yaml

@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod-desec
+    traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
+  labels:
+    app: recorder
+  name: recorder
+spec:
+  rules:
+    - host: owntracks.camper.tobru.ch
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: recorder
+                port:
+                  number: 8083
+  tls:
+    - hosts:
+        - owntracks.camper.tobru.ch
+      secretName: ingress-cert

apps/camper/owntracks/kustomization.yaml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - pvc.yaml
+  - deployment.yaml
+  - ingress.yaml
+  - service.yaml
+generators:
+  - secret-generator.yaml

apps/camper/owntracks/pvc.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: owntracks-data
+  labels:
+    app: recorder
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi
+  storageClassName: local-path

apps/camper/owntracks/secret-generator.yaml

@@ -0,0 +1,7 @@
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+  name: secret-generator
+files:
+  - secret.sops.yaml
+  - secret-registry.sops.yaml

apps/camper/owntracks/secret-registry.sops.yaml

@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: registry
+type: kubernetes.io/dockerconfigjson
+stringData:
+    .dockerconfigjson: ENC[AES256_GCM,data:+aZbHiEbXB0vWkiCRaL9eRD+VeKJXN9e9t7vh0KK4WDILMcBL3jx5XNbvlG43TJaeUxDaZvNHIXxVWdNu6RepOc43p7EVHDFdzF74MqlubLD0fov2Xzbl9XznIPYhBuV379ySKYnf7JIHXzjX0fwhc/+l7SEp+puNGpuS9P2chRiJUfx036UvfQGoyZ/bfY0KP3EFZr+VWFK3Z4=,iv:BwMmZb0FYYqtnOeNtcaRFCD+VgIWhUZEzyQg0UVTZHA=,tag:r+BPr7WU4sdThlWewCgQTw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1dfk8euu7afvw7ge5l2qek45z23hdq5anjd56cy4d7kcsf0e0e5pqfjylx8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6aHZjK2ROVVAzaFIrUWpQ
+            ZnNNRitJbW0xdVpEYWdKcXJ2U2RYWjhKU3l3CnRjZnptYm54K0REWGRGV3dSWnFC
+            MnVkQWdkdDJFL09wRVlSM1hLaVRUUXMKLS0tIHRmY2lqS1MrZk1mRjcvcEljajFK
+            N20wMWNDUVR5WC9hOGNORVJMSmNTSzAKFrRms3YORUsES0izfwWkpFXZfXrNAj6T
+            0tHZrYKdEJlxT9Y1hSezHv+Vl/ACj6on++glZbnFOO46jMehnNOQvw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-02-25T20:00:39Z"
+    mac: ENC[AES256_GCM,data:rFhek+oI2C8paXIUrivE2cKdetY6UXbogoa/2jwHwrcyf1RrPqLWd/rsKP/q18RD/ZMEKLouXEvnDqW0KnqOyz2LltdaQnPVMR66SMlsDdYyiI9cunzhD47uaCboqrAKk+AWOgycW4p7dTkfnR2j/ecUOoVrXT2uyJnjN7L26tk=,iv:Q6eTnnO15RfznLxdMTmc7aFWqVOxwfny5/7UmOC4BZc=,tag:KDugPUaz4r77e95PnwTQ6w==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.8.1

apps/camper/owntracks/secret.sops.yaml

@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: recorder
+stringData:
+    OTR_GEOKEY: ENC[AES256_GCM,data:JFlrjZ2xUyXQ9ASwtzIKlr39l8BTdVM/LwyoHYZOFzPv/3OMkFujTT0=,iv:zsw01K5LY5DlER7YTE37DwoN38Mr1wrBRajJq6eYzaQ=,tag:WzkXRH4pINoSVZvnL1ptsA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1dfk8euu7afvw7ge5l2qek45z23hdq5anjd56cy4d7kcsf0e0e5pqfjylx8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2c293czFjS2FTblJOYUxr
+            cmllL2VmOUsvYUdJZFpmUGpCTjhwb3J1aFFvClBHUTNYSHl5aWlKUWNzNXpyYXlO
+            anpiQnc4bFdERXNjT1I1cGZGN3EzQzAKLS0tIFVOMHQ3eTNpYnBLOFNLZHpIZmNa
+            OWlMVnBYQjlQZ0FYaWh0dTROdjVxY1kKx5ofUOIlVJS6TB6p9Womj2M/emacoOOf
+            9G6gT+aeCmRXyEgksSkSn9tqV4RFlD+YOHUaOaqeOWC2s/EEmTP7ZQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-02-25T20:00:43Z"
+    mac: ENC[AES256_GCM,data:qkX62rjHBTdjgiMI8MRylWTbBIdSvNu6he1g5cItOMvz8XEWZXa+uInkVW523wx8Hw/8Kc8qEFt88YkChS5WFtlehF9U4o1HyciBVQvpZHiYAeGEedO6HaxzZ/IXS7OBOOxP5A+tKJGqrtZRtZuH3EwL7ASUOlkBvNilVSyRqII=,iv:2ktm9XRP/IgN4YC/XykImlDOdMewsF7KtpZa/SVV0ds=,tag:Bcbj+TGtOroiDJEzWUIb6A==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.8.1

apps/camper/owntracks/service.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: recorder
+  labels:
+    app: recorder
+spec:
+  ports:
+    - port: 8083
+      protocol: TCP
+      targetPort: 8083
+  selector:
+    app: recorder
+  type: ClusterIP

argoapps/camper/owntracks-fe.yaml

@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: camper-owntracks-fe
+  namespace: argocd
+spec:
+  project: apps-camper
+  source:
+    path: apps/camper/owntracks-fe
+    repoURL: https://git.tbrnt.ch/tobru/gitops-zurrli.git
+    targetRevision: HEAD
+  destination:
+    name: camper
+    namespace: owntracks-fe
+  syncPolicy:
+    syncOptions:
+      - ServerSideApply=true
+      - CreateNamespace=true

argoapps/camper/owntracks.yaml

@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: camper-owntracks
+  namespace: argocd
+spec:
+  project: apps-camper
+  source:
+    path: apps/camper/owntracks
+    repoURL: https://git.tbrnt.ch/tobru/gitops-zurrli.git
+    targetRevision: HEAD
+  destination:
+    name: camper
+    namespace: owntracks
+  syncPolicy:
+    syncOptions:
+      - ServerSideApply=true
+      - CreateNamespace=true