diff --git a/charts/incubator/pialert/.helmignore b/charts/incubator/pialert/.helmignore new file mode 100644 index 00000000000..77ca5567b26 --- /dev/null +++ b/charts/incubator/pialert/.helmignore @@ -0,0 +1,30 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# OWNERS file for Kubernetes +OWNERS +# helm-docs templates +*.gotmpl +# docs folder +/docs +# icon +icon.png diff --git a/charts/incubator/pialert/CHANGELOG.md b/charts/incubator/pialert/CHANGELOG.md new file mode 100644 index 00000000000..825c32f0d03 --- /dev/null +++ b/charts/incubator/pialert/CHANGELOG.md @@ -0,0 +1 @@ +# Changelog diff --git a/charts/incubator/pialert/Chart.yaml b/charts/incubator/pialert/Chart.yaml new file mode 100644 index 00000000000..0aacd9075f0 --- /dev/null +++ b/charts/incubator/pialert/Chart.yaml @@ -0,0 +1,30 @@ +apiVersion: v2 +appVersion: "latest" +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 11.0.7 +deprecated: false +description: Monitoring your WIFI/LAN network and alerting of new (intruder or hacker) devices. +home: https://truecharts.org/docs/charts/incubator/pialert +icon: https://truecharts.org/img/hotlink-ok/chart-icons/pialert.png +keywords: + - pialert + - networking +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: pialert +sources: + - https://github.com/truecharts/charts/tree/master/charts/incubator/pialert + - https://github.com/jokob-sk/Pi.Alert + - https://hub.docker.com/r/jokobsk/pi.alert +type: application +version: 0.0.1 +annotations: + truecharts.org/catagories: | + - networking + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/charts/incubator/pialert/README.md b/charts/incubator/pialert/README.md new file mode 100644 index 00000000000..137e2d8614b --- /dev/null +++ b/charts/incubator/pialert/README.md @@ -0,0 +1 @@ +# pialert diff --git a/charts/incubator/pialert/docs/installation_notes.md b/charts/incubator/pialert/docs/installation_notes.md new file mode 100644 index 00000000000..dafe0698b9a --- /dev/null +++ b/charts/incubator/pialert/docs/installation_notes.md @@ -0,0 +1,7 @@ +# Installation Notes + +:::warning + +This app defaults to host network **enabled**. + +::: diff --git a/charts/incubator/pialert/icon.png b/charts/incubator/pialert/icon.png new file mode 100644 index 00000000000..ee994735111 Binary files /dev/null and b/charts/incubator/pialert/icon.png differ diff --git a/charts/incubator/pialert/questions.yaml b/charts/incubator/pialert/questions.yaml new file mode 100644 index 00000000000..f068e5ed8f6 --- /dev/null +++ b/charts/incubator/pialert/questions.yaml @@ -0,0 +1,518 @@ +# Include{groups} +portals: + open: +# Include{portalLink} +questions: +# Include{global} +# Include{controller} +# Include{replicas} +# Include{replica1} +# Include{controllerExpertExtraArgs} + - variable: pialert + group: App Configuration + label: PiAlert Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: general + label: General + schema: + additional_attrs: true + type: dict + attrs: + - variable: dark_mode + label: Dark Mode + description: Forces dark mode by creating a file in the container + schema: + type: boolean + default: true + - variable: web_protection + label: Web Protection + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: web_password + label: Web Password + schema: + type: string + default: "" + private: true + required: true + - variable: print_log + label: Print Log + schema: + type: boolean + default: false + - variable: report_dashboard_url + label: Report Dashboard URL + schema: + type: string + default: "" + required: true + - variable: days_to_keep_events + label: Days to Keep Events + schema: + type: int + default: 90 + required: true + - variable: scan_cycle_minutes + label: Scan Cycle Minutes + schema: + type: int + default: 5 + required: true + - variable: included_sections + label: Included Sections + description: Empty list, will add all sections + schema: + type: list + default: [] + items: + - variable: section + label: Section + schema: + type: string + default: "" + required: true + enum: + - value: internet + description: Internet + - value: new_devices + description: New Devices + - value: down_devices + description: Down Devices + - value: events + description: Events + - variable: scan_subnets + label: Scan Subnets + description: CIDR format is <192.168.1.0/24> and interface format is + schema: + type: list + required: true + default: [] + items: + - variable: subnet + label: Subnet + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + required: true + - variable: interface + label: Interface + schema: + type: string + default: "" + required: true + - variable: pushsafer + label: PushSafer + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: token + label: Token + schema: + type: string + default: "" + private: true + required: true + - variable: apprise + label: Apprise + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: url + label: URL + schema: + type: string + default: "" + required: true + - variable: ntfy + label: ntfy + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: topic + label: Topic + schema: + type: string + default: "" + required: true + - variable: user + label: Username + schema: + type: string + default: "" + - variable: password + label: Password + schema: + type: string + default: "" + - variable: webhook + label: Webhook + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: url + label: URL + schema: + type: string + default: "" + required: true + - variable: payload + label: Payload + schema: + type: string + default: json + required: true + enum: + - value: json + description: JSON + - value: html + description: HTML + - value: text + description: TEXT + - variable: method + label: Method + schema: + type: string + default: GET + - variable: email + label: Email + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: server + label: Server + schema: + type: string + default: "" + required: true + - variable: port + label: Port + schema: + type: int + default: 587 + required: true + - variable: report_to + label: Report To + schema: + type: string + default: "" + required: true + - variable: report_from + label: Report From + schema: + type: string + default: "" + required: true + - variable: skip_login + label: Skip Login + schema: + type: boolean + default: false + - variable: skip_tls + label: Skip TLS + schema: + type: boolean + default: false + - variable: user + label: Username + schema: + type: string + default: "" + - variable: password + label: Password + schema: + type: string + default: "" + - variable: mqtt + label: MQTT + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: broker + label: Broker + schema: + type: string + default: "" + required: true + - variable: port + label: Port + schema: + type: int + default: 587 + required: true + - variable: user + label: Username + schema: + type: string + default: "" + - variable: password + label: Password + schema: + type: string + default: "" + - variable: qos + label: QOS + schema: + type: int + default: 0 + required: true + - variable: delay_sec + label: Delay Sec + schema: + type: int + default: 2 + required: true + - variable: dyndns + label: DynDNS + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: domain + label: Domain + schema: + type: string + default: "" + required: true + - variable: force + label: Force + schema: + type: boolean + default: false + - variable: timeout + label: Timeout + schema: + type: int + default: 20 + required: true + - variable: days_data + label: Days Data + schema: + type: int + default: 7 + required: true + - variable: days_data + label: Days Data + schema: + type: int + default: 7 + required: true + - variable: run + label: Run + schema: + type: string + default: once + required: true + - variable: run_timeout + label: Run Timeout + schema: + type: int + default: 300 + required: true + - variable: run_schedule + label: Run Schedule + schema: + type: string + default: "0 4 * * *" + required: true + - variable: pihole + label: PiHole + schema: + additional_attrs: true + type: dict + attrs: + - variable: pihole_active + label: PiHole Active (Not covered by support) + description: If enabled you need to map '/etc/pihole/pihole-FTL.db' with additional storage. Not covered by support + schema: + type: boolean + default: false + - variable: dhcp_active + label: DHCP Active (Not covered by support) + description: If enabled you need to map '/etc/pihole/dhcp.leases' with additional storage. Not covered by support + schema: + type: boolean + default: false +# Include{containerConfig} +# Include{serviceRoot} + - variable: main + label: Main Service + description: The Primary service on which the healthcheck runs, often the webUI + schema: + additional_attrs: true + type: dict + attrs: +# Include{serviceSelectorLoadBalancer} +# Include{serviceSelectorExtras} + - variable: main + label: Main Service Port Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + description: This port exposes the container port on the service + schema: + type: int + default: 10600 + required: true +# Include{serviceExpertRoot} + default: true +# Include{serviceExpert} +# Include{serviceList} +# Include{persistenceRoot} + - variable: config + label: App Config Storage + description: Stores the Application Configuration. + schema: + additional_attrs: true + type: dict + attrs: +# Include{persistenceBasic} + - variable: db + label: App DB Storage + description: Stores the Application DB. + schema: + additional_attrs: true + type: dict + attrs: +# Include{persistenceBasic} +# Include{persistenceList} +# Include{ingressRoot} + - variable: main + label: Main Ingress + schema: + additional_attrs: true + type: dict + attrs: +# Include{ingressDefault} +# Include{ingressTLS} +# Include{ingressTraefik} +# Include{ingressList} +# Include{security} +# Include{securityContextAdvancedRoot} + - variable: privileged + label: Privileged mode + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: ReadOnly Root Filesystem + schema: + type: boolean + default: false + - variable: allowPrivilegeEscalation + label: Allow Privilege Escalation + schema: + type: boolean + default: false + - variable: runAsNonRoot + label: runAsNonRoot + schema: + type: boolean + default: false +# Include{podSecurityContextRoot} + - variable: runAsUser + label: runAsUser + description: The UserID of the user running the application + schema: + type: int + default: 0 + - variable: runAsGroup + label: runAsGroup + description: The groupID this App of the user running the application + schema: + type: int + default: 0 + - variable: fsGroup + label: fsGroup + description: The group that should own ALL storage. + schema: + type: int + default: 568 +# Include{podSecurityContextAdvanced} +# Include{resources} +# Include{advanced} +# Include{addons} +# Include{codeserver} +# Include{vpn} +# Include{documentation} diff --git a/charts/incubator/pialert/templates/_secret.tpl b/charts/incubator/pialert/templates/_secret.tpl new file mode 100644 index 00000000000..a92505cc2df --- /dev/null +++ b/charts/incubator/pialert/templates/_secret.tpl @@ -0,0 +1,148 @@ +{{/* Define the configmap */}} +{{- define "pialert.secret" -}} + +{{- $secretName := printf "%s-secret" (include "tc.common.names.fullname" .) }} + +--- +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: {{ $secretName }} + labels: + {{- include "tc.common.labels" . | nindent 4 }} +stringData: + pialert.conf: | + # General + TIMEZONE={{ .Values.TZ | squote }} + PIALERT_WEB_PROTECTION={{ ternary "True" "False" .Values.pialert.general.web_protection }} + {{- if .Values.pialert.general.web_protection }} + PIALERT_WEB_PASSWORD={{ .Values.pialert.general.web_password | squote }} + {{- end }} + PRINT_LOG={{ ternary "True" "False" .Values.pialert.general.print_log }} + REPORT_DASHBOARD_URL={{ .Values.pialert.general.report_dashboard_url | squote }} + DAYS_TO_KEEP_EVENTS={{ .Values.pialert.general.days_to_keep_events }} + SCAN_CYCLE_MINUTES={{ .Values.pialert.general.scan_cycle_minutes }} + {{- with (uniq .Values.pialert.general.included_sections) }} + {{- if gt (len .) 4 -}} + {{- fail "You can define up to 4 unique sections" -}} + {{- end }} + INCLUDED_SECTIONS=[ + {{- range $section := initial . }} + {{ . | squote }}, + {{- end }} + {{ last . | squote }} + ] + {{- else }} + INCLUDED_SECTIONS=['internet','new_devices','down_devices','events'] + {{- end }} + {{- with .Values.pialert.general.scan_subnets }} + SCAN_SUBNETS=[ + {{- range $entry := initial . }} + {{ (printf "%s --interface=%s" .cidr .interface) | squote }}, + {{- end }} + {{- with last . }} + {{ (printf "%s --interface=%s" .cidr .interface) | squote }} + {{- end }} + ] + {{- end }} + + + # PUSHSAFER + REPORT_PUSHSAFER={{ ternary "True" "False" .Values.pialert.pushsafer.enabled }} + {{- if .Values.pialert.pushsafer.enabled }} + PUSHSAFER_TOKEN={{ .Values.pialert.pushsafer.token | squote }} + {{- end }} + + + # Apprise + REPORT_APPRISE={{ ternary "True" "False" .Values.pialert.apprise.enabled }} + {{- if .Values.pialert.apprise.enabled }} + APPRISE_HOST={{ .Values.pialert.apprise.host | squote }} + APPRISE_URL={{ .Values.pialert.apprise.url | squote }} + {{- end }} + + + # NTFY + REPORT_NTFY={{ ternary "True" "False" .Values.pialert.ntfy.enabled }} + {{- if .Values.pialert.ntfy.enabled }} + NTFY_HOST={{ .Values.pialert.ntfy.host | squote }} + NTFY_TOPIC={{ .Values.pialert.ntfy.topic | squote }} + NTFY_USER={{ .Values.pialert.ntfy.user | squote }} + NTFY_PASSWORD={{ .Values.pialert.ntfy.password | squote }} + {{- end }} + + + # Webhooks + REPORT_WEBHOOK={{ ternary "True" "False" .Values.pialert.webhook.enabled }} + {{- if .Values.pialert.webhook.enabled }} + WEBHOOK_URL={{ .Values.pialert.webhook.url | squote }} + WEBHOOK_PAYLOAD={{ .Values.pialert.webhook.payload | squote }} + WEBHOOK_REQUEST_METHOD={{ .Values.pialert.webhook.method | squote }} + {{- end }} + + + # Email + REPORT_MAIL={{ ternary "True" "False" .Values.pialert.email.enabled }} + {{- if .Values.pialert.email.enabled }} + SMTP_SERVER={{ .Values.pialert.email.server | squote }} + SMTP_PORT={{ .Values.pialert.email.port }} + REPORT_TO={{ .Values.pialert.email.report_to | squote }} + REPORT_FROM={{ .Values.pialert.email.report_from | squote }} + SMTP_SKIP_LOGIN={{ ternary "True" "False" .Values.pialert.email.skip_login }} + {{- with .Values.pialert.email.user }} + SMTP_USER={{ . | squote }} + {{- end }} + {{- with .Values.pialert.email.password }} + SMTP_PASS={{ . | squote }} + {{- end }} + SMTP_SKIP_TLS={{ ternary "True" "False" .Values.pialert.email.skip_tls }} + {{- end }} + + + # MQTT + REPORT_MQTT={{ ternary "True" "False" .Values.pialert.mqtt.enabled }} + {{- if .Values.pialert.email.enabled }} + MQTT_BROKER={{ .Values.pialert.mqtt.broker | squote }} + MQTT_PORT={{ .Values.pialert.mqtt.port }} + {{- with .Values.pialert.mqtt.user }} + MQTT_USER={{ . | squote }} + {{- end }} + {{- with .Values.pialert.mqtt.password }} + MQTT_PASSWORD={{ . | squote }} + {{- end }} + MQTT_QOS={{ .Values.pialert.mqtt.qos }} + MQTT_DELAY_SEC={{ .Values.pialert.mqtt.delay_sec }} + {{- end }} + + + # DynDNS + DDNS_ACTIVE={{ ternary "True" "False" .Values.pialert.dyndns.enabled }} + {{- if .Values.pialert.dyndns.enabled }} + DDNS_DOMAIN={{ .Values.pialert.dyndns.domain | squote }} + {{- with .Values.pialert.dyndns.user }} + DDNS_USER={{ . | squote }} + {{- end }} + {{- with .Values.pialert.dyndns.password }} + DDNS_PASSWORD={{ . | squote }} + {{- end }} + DDNS_UPDATE_URL={{ .Values.pialert.dyndns.update_url | squote }} + {{- end }} + + + # Pholus + PHOLUS_ACTIVE={{ ternary "True" "False" .Values.pialert.pholus.enabled }} + {{- if .Values.pialert.pholus.enabled }} + PHOLUS_TIMEOUT={{ .Values.pialert.pholus.timeout }} + PHOLUS_FORCE={{ ternary "True" "False" .Values.pialert.pholus.force }} + PHOLUS_DAYS_DATA={{ .Values.pialert.pholus.days_data }} + PHOLUS_RUN={{ .Values.pialert.pholus.run | squote }} + PHOLUS_RUN_TIMEOUT={{ .Values.pialert.pholus.run_timeout }} + PHOLUS_RUN_SCHD={{ .Values.pialert.pholus.run_schedule | squote }} + {{- end }} + + + # PiHole + PIHOLE_ACTIVE={{ ternary "True" "False" .Values.pialert.pihole.pihole_active }} + DHCP_ACTIVE={{ ternary "True" "False" .Values.pialert.pihole.dhcp_active }} +{{- end }} diff --git a/charts/incubator/pialert/templates/common.yaml b/charts/incubator/pialert/templates/common.yaml new file mode 100644 index 00000000000..76533163b95 --- /dev/null +++ b/charts/incubator/pialert/templates/common.yaml @@ -0,0 +1,7 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.common.loader.init" . }} + +{{- include "pialert.secret" . -}} + +{{/* Render the templates */}} +{{ include "tc.common.loader.apply" . }} diff --git a/charts/incubator/pialert/values.yaml b/charts/incubator/pialert/values.yaml new file mode 100644 index 00000000000..b575d51a195 --- /dev/null +++ b/charts/incubator/pialert/values.yaml @@ -0,0 +1,142 @@ +image: + repository: tccr.io/truecharts/pialert + pullPolicy: IfNotPresent + tag: latest@sha256:a25d25c8d2be38895e4bee0e13f934ed7048a07753e84a6854c9e9b04187fbae + +securityContext: + readOnlyRootFilesystem: false + runAsNonRoot: false + +podSecurityContext: + runAsUser: 0 + runAsGroup: 0 + +hostNetwork: true + +pialert: + general: + dark_mode: true + web_protection: false + web_password: "" + print_log: false + report_dashboard_url: http://localhost + days_to_keep_events: 90 + scan_cycle_minutes: 5 + included_sections: [] + scan_subnets: + [] + # - cidr: "192.168.1.0/24" + # interface: eth0 + pushsafer: + enabled: false + token: "" + apprise: + enabled: false + host: "" + url: "" + ntfy: + enabled: false + host: "" + topic: "" + user: "" + password: "" + webhook: + enabled: false + url: "" + payload: json + method: GET + email: + enabled: false + server: "" + port: 587 + report_to: "" + report_from: "" + skip_login: false + skip_tls: false + user: "" + password: "" + mqtt: + enabled: false + broker: "" + port: 1883 + user: "" + password: "" + qos: 0 + delay_sec: 2 + dyndns: + enabled: false + domain: "" + user: "" + password: "" + update_url: "" + pholus: + enabled: false + timeout: 20 + force: false + days_data: 7 + run: once + run_timeout: 300 + run_schedule: "0 4 * * *" + pihole: + # If enabled you need to map '/etc/pihole/pihole-FTL.db' with additional storage + pihole_active: false + # If enabled you need to map '/etc/pihole/dhcp.leases' with additional storage + dhcp_active: false + +env: + HOST_USER_ID: "{{ .Values.podSecurityContext.runAsUser }}" + HOST_USER_GID: "{{ .Values.podSecurityContext.fsGroup }}" + PORT: "{{ .Values.service.main.ports.main.port }}" + +service: + main: + ports: + main: + protocol: HTTP + port: 10600 + +persistence: + config: + enabled: true + mountPath: /home/pi/pialert/config + db: + enabled: true + mountPath: /home/pi/pialert/db + pialert-config: + enabled: true + noMount: true + type: secret + objectName: '{{ template "tc.common.names.fullname" . }}-secret' + +initContainers: + init: + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + volumeMounts: + - name: db + mountPath: /home/pi/pialert/db + - name: config + mountPath: /home/pi/pialert/config + - name: pialert-config + mountPath: /tc-pialert.conf + subPath: pialert.conf + command: ["/bin/sh", "-c"] + args: + - | + dark_file="/home/pi/pialert/db/setting_darkmode" + temp_config_file="/tc-pialert.conf" + config_file="/home/pi/pialert/config/pialert.conf" + echo "Copying config file into it's directory.." + cp -f "$temp_config_file" "$config_file" && echo "Copied config file successfully!" || echo "Failed to copy config file..." + {{- if .Values.pialert.general.dark_mode }} + echo "Enabling dark mode file..." + touch "$dark_file" && echo "Created dark mode file!" || echo "Failed to create dark mode file..." + {{- else }} + if [ -f "$dark_file" ]; then + rm -f $dark_file && echo "Dark mode file removed!" || echo "Failed to remove dark mode file..." + else + echo "Dark mode file does not exist, no action is needed." + fi + {{- end }} + +portal: + enabled: true