From 8c605d0f9fae8b2a6f42c64974342b6c53da03da Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Thu, 28 Dec 2023 17:34:25 -0600 Subject: [PATCH] home-assistant: Clean up restart_diddy_mopidy Moving the shell command to an external script allows me to update it without having to restart Home Assistant. Including the SSH private key in the Secret not only allows it to be managed by Kubernetes, but also works around a permissions issue when storing the key in the `/config` volume. The `ssh` command refuses to use a key file with write permission for the group or other fields, but the Kubelet sets `g=rw` when `fsGroup` is set on the pod. --- home-assistant/kustomization.yaml | 1 + home-assistant/restart-diddy-mopidy.sh | 2 ++ home-assistant/secrets.yaml | 1 + home-assistant/shell-command.yaml | 2 +- 4 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 home-assistant/restart-diddy-mopidy.sh diff --git a/home-assistant/kustomization.yaml b/home-assistant/kustomization.yaml index f795987..df0e51e 100644 --- a/home-assistant/kustomization.yaml +++ b/home-assistant/kustomization.yaml @@ -25,6 +25,7 @@ configMapGenerator: - configuration.yaml - event-snapshot.sh - groups.yaml + - restart-diddy-mopidy.sh - shell-command.yaml options: disableNameSuffixHash: true diff --git a/home-assistant/restart-diddy-mopidy.sh b/home-assistant/restart-diddy-mopidy.sh new file mode 100644 index 0000000..7b861eb --- /dev/null +++ b/home-assistant/restart-diddy-mopidy.sh @@ -0,0 +1,2 @@ +set -e +ssh -i /run/secrets/home-assistant/sshkey.pem -oUserKnownHostsFile=/config/ssh_known_hosts -oBatchMode=yes pi@diddy.pyrocufflink.red restart-mopidy diff --git a/home-assistant/secrets.yaml b/home-assistant/secrets.yaml index b8627ba..af92cfa 100644 --- a/home-assistant/secrets.yaml +++ b/home-assistant/secrets.yaml 
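Review bot: The ssh call in the new restart-diddy-mopidy.sh still reads its pinned host key from `/config/ssh_known_hosts`, which is on the writable `/config` volume. Anything able to write there can swap the key that diddy is verified against, even though the private key itself now comes from the Secret. Consider shipping the known_hosts file through the same configMapGenerator (mounted read-only) and making host checking explicit rather than relying on BatchMode and client defaults, e.g. `-oUserKnownHostsFile=/run/config/ssh_known_hosts -oStrictHostKeyChecking=yes -oIdentitiesOnly=yes`. The remote side is not visible in this patch; if the key's `authorized_keys` entry on diddy is not already limited with `restrict,command="<restart command>"`, adding that would bound what a leaked key can do.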
@@ -27,6 +27,7 @@ metadata: spec: encryptedData: secrets.yaml: AgAcQGBxXTW6s/4lcGoyKYn9NL7h4L8rbFeC87GbXQunVD4h37kiET55c5AgSj95X0Y8Vn9EYgd85xY5vDjxkAQ8qmcBL0SlrHuAxlRONoVDIgUmGIk91p4boVXp4Db+DzvtezjCruraIh4MgVQS9nS30MG3PWb/IfsHeaGNAyIL6OCdJYWTIUD9ceCdCNrTCeK45qow+ZHYhwpw6puXLQEq45j1UX1fgCsnNfYxDXRoW/vOwFLnOfN6JTjSyu28Qo4jIqu0iF26hMViU+ok/eYzC9J0fpfwGHhDdGMI29cWYyTS+L0BBbV37mMPx7UKYShweL6kK6Ar2ewB6tFQzr4eHcX6Qb8EuNYKBHz9kLrgZp54diUuiX1thjwbSLkv+HJa4voKyvsab3Nug4FJPlvg6R6J852dpmFK1ElK5ejkGaqfvT0iqGA1AvQe51FOSOARjC9/g29i6T5S5+5Cc3igJdfiadd3vTWTKpR0kf7mvoL4MT4OGPvir2O1bjXB5Mv9zDt2Cm+ZD5ve3n4Dq5WqOvkJN9FJMRe04rM1a1yP8lSzuil20OVDc1N4wrCtPJ71bqsNpLAbsYy2E/t2gU1UVM+HkkA9FucAQs5fs8Fe5fYsYLg6zUtM6i9fB+Y1JbAY9GWYMAA+enkrkAHLqxxFF1g5Dc9cpmyP+1fu5jy2BF0GfmIPuyuUTch/20pngnoFLM9JdkRP0SkgJ4/wtAnWKY1twbUPjb/L53rEpZWICPbJjR19Y1FycDwAauZmTmg8ZQ0ro1uh77rbTsCmViUKwXsrSUTY7mGmD5q4LCtRZqWRBDt3Hl5jHvhzvUSGeso+YnnaLr6GXYdRkibxWA5X6SG1iBHoQzKqUPO28Ybsnv6Au4RloDU2TAAUNnl32L0Kq4yjIwlAq9r2ASWwgUJUqU12i3wnC4iHrE6jeLQSQ6yrkJOrUyizaPJWfr/4JFeLVOcBM1SjR0y/dtuWnPvgItsTHwDJyw== + sshkey.pem: 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 template: metadata: name: home-assistant diff --git a/home-assistant/shell-command.yaml b/home-assistant/shell-command.yaml index bcb7035..84c3af8 100644 --- a/home-assistant/shell-command.yaml +++ b/home-assistant/shell-command.yaml @@ -2,4 +2,4 @@ event_snapshot: >- sh /run/config/event-snapshot.sh {{ event_id }} restart_diddy_mopidy: >- - ssh -i /config/homeassistant-ssh.pem -oUserKnownHostsFile=/config/ssh_known_hosts -oBatchMode=yes pi@diddy.pyrocufflink.red restart-mopidy + sh /run/config/restart-diddy-mopidy.sh