feat: add ntfy relay for Grafana alerts

2024-12-22 20:44:33 +07:00 · 2024-01-21 14:43:26 +07:00 · 2024-01-21 14:43:26 +07:00 · bed4134ef0
commit bed4134ef0
parent 5915ebb9d1
13 changed files with 131 additions and 0 deletions
--- a/external/main.tf
+++ b/external/main.tf
@ -12,3 +12,8 @@ module "zerotier" {
    "192.168.1.224/27"
  ]
 }
+
+module "ntfy" {
+  source = "./modules/ntfy"
+  auth   = var.ntfy
+}
--- a/external/modules/cloudflare/main.tf
+++ b/external/modules/cloudflare/main.tf
@ -29,6 +29,10 @@ resource "kubernetes_secret" "cloudflared_credentials" {
  metadata {
    name      = "cloudflared-credentials"
    namespace = "cloudflared"
+
+    annotations = {
+      "app.kubernetes.io/managed-by" = "Terraform"
+    }
  }

  data = {
@ -59,6 +63,10 @@ resource "kubernetes_secret" "external_dns_token" {
  metadata {
    name      = "cloudflare-api-token"
    namespace = "external-dns"
+
+    annotations = {
+      "app.kubernetes.io/managed-by" = "Terraform"
+    }
  }

  data = {
@ -84,6 +92,10 @@ resource "kubernetes_secret" "cert_manager_token" {
  metadata {
    name      = "cloudflare-api-token"
    namespace = "cert-manager"
+
+    annotations = {
+      "app.kubernetes.io/managed-by" = "Terraform"
+    }
  }

  data = {
--- a/external/modules/ntfy/main.tf
+++ b/external/modules/ntfy/main.tf
@ -0,0 +1,16 @@
+resource "kubernetes_secret" "ntfy_auth" {
+  metadata {
+    name      = "ntfy.auth"
+    namespace = "global-secrets"
+
+    annotations = {
+      "app.kubernetes.io/managed-by" = "Terraform"
+    }
+  }
+
+  data = {
+    url      = var.auth.url
+    username = var.auth.username
+    password = var.auth.password
+  }
+}
--- a/external/modules/ntfy/variables.tf
+++ b/external/modules/ntfy/variables.tf
@ -0,0 +1,7 @@
+variable "auth" {
+  type = object({
+    url      = string
+    username = string
+    password = string
+  })
+}
--- a/external/modules/ntfy/versions.tf
+++ b/external/modules/ntfy/versions.tf
@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "~> 2.9.0"
+    }
+  }
+}
--- a/external/modules/zerotier/main.tf
+++ b/external/modules/zerotier/main.tf
@ -43,6 +43,10 @@ resource "kubernetes_secret" "router" {
  metadata {
    name      = "zerotier-router"
    namespace = "zerotier"
+
+    annotations = {
+      "app.kubernetes.io/managed-by" = "Terraform"
+    }
  }

  data = {
--- a/external/namespaces.yml
+++ b/external/namespaces.yml
@ -10,5 +10,6 @@
        - cert-manager
        - cloudflared
        - external-dns
+        - global-secrets
        - k8up-operator
        - zerotier
--- a/external/terraform.tfvars.example
+++ b/external/terraform.tfvars.example
@ -7,3 +7,12 @@ cloudflare_api_key = "foobarkey"

 # https://my.zerotier.com/account
 zerotier_central_token = "foobartoken"
+
+ntfy = {
+  # https://ntfy.sh/app or your own instance
+  url = "https://ntfy.sh/random_topic_name_here_a8sd7fkjxlkcjasdw33813"
+  # Optional, required if the ntfy instance has access control enabled
+  username = ""
+  # Optional, required if the ntfy instance has access control enabled
+  password = ""
+}
--- a/external/variables.tf
+++ b/external/variables.tf
@ -14,3 +14,13 @@ variable "cloudflare_account_id" {
 variable "zerotier_central_token" {
  type = string
 }
+
+variable "ntfy" {
+  type = object({
+    url      = string
+    username = string
+    password = string
+  })
+
+  sensitive = true
+}
--- a/platform/global-secrets/files/secret-generator/config.yaml
+++ b/platform/global-secrets/files/secret-generator/config.yaml
@ -37,3 +37,10 @@
    - key: PAPERLESS_ADMIN_PASSWORD
      length: 32
      special: true
+
+# ntfy
+- name: ntfy-relay.auth
+  data:
+    - key: password
+      length: 32
+      special: true
--- a/platform/ntfy-relay/Chart.yaml
+++ b/platform/ntfy-relay/Chart.yaml
@ -0,0 +1,7 @@
+apiVersion: v2
+name: ntfy-relay
+version: 0.0.0
+dependencies:
+  - name: app-template
+    version: 2.5.0
+    repository: https://bjw-s.github.io/helm-charts
--- a/platform/ntfy-relay/templates/secret.yaml
+++ b/platform/ntfy-relay/templates/secret.yaml
@ -0,0 +1,26 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: {{ .Release.Name }}-secret
+  namespace: {{ .Release.Namespace }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: global-secrets
+  data:
+    - secretKey: NTFY_URL
+      remoteRef:
+        key: ntfy.auth
+        property: url
+    - secretKey: NTFY_BAUTH_USER
+      remoteRef:
+        key: ntfy.auth
+        property: username
+    - secretKey: NTFY_BAUTH_PASS
+      remoteRef:
+        key: ntfy.auth
+        property: password
+    - secretKey: BAUTH_PASS
+      remoteRef:
+        key: ntfy-relay.auth
+        property: password
--- a/platform/ntfy-relay/values.yaml
+++ b/platform/ntfy-relay/values.yaml
@ -0,0 +1,19 @@
+app-template:
+  controllers:
+    main:
+      containers:
+        main:
+          image:
+            repository: docker.io/kittyandrew/grafana-to-ntfy
+            tag: latest
+          env:
+            BAUTH_USER: admin
+          envFrom:
+            - secret: "{{ .Release.Name }}-secret"
+  service:
+    main:
+      ports:
+        http:
+          port: 80
+          targetPort: 8080
+          protocol: HTTP