From e0d797e43dd8ba416d2061ba481e806707c51440 Mon Sep 17 00:00:00 2001
From: Peter Pathirana
Date: Sun, 1 Jun 2025 09:20:01 -0400
Subject: [PATCH 1/3] fix: relocate mounted secrets
---
 .../homelab-workspace/coder-agent.tf | 6 +++--
 .../kubernetes/homelab-workspace/configmap.tf | 1 +
 .../kubernetes/homelab-workspace/main.tf | 8 +++---
 .../homelab-workspace/script-agent-startup.sh | 27 +++++++++++++++++++
 4 files changed, 36 insertions(+), 6 deletions(-)
 create mode 100644 templates/kubernetes/homelab-workspace/script-agent-startup.sh
diff --git a/templates/kubernetes/homelab-workspace/coder-agent.tf b/templates/kubernetes/homelab-workspace/coder-agent.tf
index 8f8138a2..697939d5 100644
--- a/templates/kubernetes/homelab-workspace/coder-agent.tf
+++ b/templates/kubernetes/homelab-workspace/coder-agent.tf
@@ -1,6 +1,8 @@
 resource "coder_agent" "main" {
- arch = "amd64"
- os = "linux"
+ arch = "amd64"
+ os = "linux"
+ startup_script = "/bin/bash --noprofile --norc /agent-startup.sh"
+ startup_script_behavior = "blocking"
 metadata {
 display_name = "CPU Usage"
diff --git a/templates/kubernetes/homelab-workspace/configmap.tf b/templates/kubernetes/homelab-workspace/configmap.tf
index c2a5996c..a9da723b 100644
--- a/templates/kubernetes/homelab-workspace/configmap.tf
+++ b/templates/kubernetes/homelab-workspace/configmap.tf
@@ -8,6 +8,7 @@ resource "kubernetes_config_map" "workspace_scripts" {
 }
 data = {
+ agent_startup_script = file("${path.cwd}/script-agent-startup.sh")
 system_update_script = file("${path.cwd}/script-system-update.sh")
 workspace_init_script = coder_agent.main.init_script
 }
 }
diff --git a/templates/kubernetes/homelab-workspace/main.tf b/templates/kubernetes/homelab-workspace/main.tf
index 5fa7361c..fa21cdb8 100644
--- a/templates/kubernetes/homelab-workspace/main.tf
+++ b/templates/kubernetes/homelab-workspace/main.tf
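Review bot: `startup_script` invokes `/agent-startup.sh`, but no hunk in this patch mounts the new `agent_startup_script` ConfigMap key at that path, so unless an existing volume mount outside these hunks already projects it there, bash will not find the file. Because `startup_script_behavior = "blocking"` holds logins until the script finishes and the script itself runs under `set -e`, that dependency is worth stating next to the attribute, e.g. `# /agent-startup.sh is projected from ConfigMap key agent_startup_script (see configmap.tf)`. The `coder_agent` block continues past the end of the hunk.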
@@ -23,9 +23,9 @@ locals {
 workspace_secrets = {
 "github_auth_token" = "${local.home_directory}/.secret/github_token"
- "github_public_key" = "${local.home_directory}/.ssh/id_ed25519.pub"
- "github_private_key" = "${local.home_directory}/.ssh/id_ed25519"
- "kubeconfig_nas" = "${local.home_directory}/.kube/conf.d/nas"
- "kubeconfig_homelab" = "${local.home_directory}/.kube/conf.d/homelab"
+ "github_public_key" = "${local.home_directory}/.secret/id_ed25519.pub"
+ "github_private_key" = "${local.home_directory}/.secret/id_ed25519"
+ "kubeconfig_nas" = "${local.home_directory}/.secret/kubeconfig_nas"
+ "kubeconfig_homelab" = "${local.home_directory}/.secret/kubeconfig_homelab"
 }
 }
diff --git a/templates/kubernetes/homelab-workspace/script-agent-startup.sh b/templates/kubernetes/homelab-workspace/script-agent-startup.sh
new file mode 100644
index 00000000..c038918c
--- /dev/null
+++ b/templates/kubernetes/homelab-workspace/script-agent-startup.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+set -eo pipefail
+
+
+main() {
+ echo '------------------------------------------------------------'
+ echo 'Re-locating secrets from mounted location to their destinations...'
+ if [[ ! -f $HOME/.ssh/id_ed25519 ]]; then
+ if [[ -f $HOME/.secret/id_ed25519 ]]; then
+ mkdir -p $HOME/.ssh
+ cp $HOME/.secret/id_ed25519* $HOME/.ssh/
+ chmod 600 $HOME/.ssh/id_*
+ fi
+ fi
+
+ if [[ ! -d $HOME/.kube/conf.d ]]; then
+ mkdir -p $HOME/.kube/conf.d
+ if [[ -f $HOME/.secret/kubeconfig_homelab ]]; then
+ cp $HOME/.secret/kubeconfig_* $HOME/.kube/conf.d/
+ chmod 600 $HOME/.kube/conf.d/kubeconfig_*
+ fi
+ fi
+ echo '------------------------------------------------------------'
+ echo 'Done'
+}
+
+main
From 1f3fdcdec5571f6c46cac3817ef79f6a90f48dea Mon Sep 17 00:00:00 2001
From: Peter Pathirana
Date: Sun, 1 Jun 2025 09:22:09 -0400
Subject: [PATCH 2/3] fix: typo
---
 templates/kubernetes/homelab-workspace/configmap.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
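Review bot: The startup script added later in this patch copies `kubeconfig_*` into `~/.kube/conf.d/` under the mounted names, so the files that used to be `conf.d/nas` and `conf.d/homelab` now appear as `conf.d/kubeconfig_nas` and `conf.d/kubeconfig_homelab`; anything that refers to the old names (a `KUBECONFIG` list, shell aliases) would need updating, which cannot be checked from this hunk. The private key and both kubeconfigs also stay readable under `~/.secret` at whatever mode the secret volume uses, in addition to the copies, so the mode of that mount is worth confirming where the volume is defined. A comment above the map would make the new indirection clear: `# Mounted under ~/.secret; script-agent-startup.sh copies keys and kubeconfigs to ~/.ssh and ~/.kube/conf.d`. The `locals` block starts before the hunk.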
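Review bot: In `main`, the kubeconfig branch is gated on `$HOME/.kube/conf.d` not existing, so once the directory has been created (including on a start where `kubeconfig_homelab` was not mounted, or where only `kubeconfig_nas` is present) the files are never copied on later starts. The private key and kubeconfigs are also written by `cp` under the default umask and only tightened by the following `chmod 600`, so they can be briefly readable by other users in the container, and `~/.ssh` is created without an owner-only mode. Setting `umask 077` at the top of `main`, quoting the `$HOME` paths and checking each destination file rather than the directory covers all three. Copying only when the destination is missing keeps the existing behaviour that a rotated secret does not replace an older copy in a persistent home, which may or may not be intended.

```shell
main() {
  # Everything created below is owner-only from the start (no cp-then-chmod gap).
  umask 077
  # … unchanged: banner echo lines …
  if [[ ! -f "$HOME/.ssh/id_ed25519" && -f "$HOME/.secret/id_ed25519" ]]; then
    mkdir -p "$HOME/.ssh"
    cp "$HOME"/.secret/id_ed25519* "$HOME/.ssh/"
  fi

  mkdir -p "$HOME/.kube/conf.d"
  local cfg dest
  for cfg in "$HOME"/.secret/kubeconfig_*; do
    dest="$HOME/.kube/conf.d/${cfg##*/}"
    # Decide per file, so a kubeconfig mounted later is still picked up.
    if [[ -f "$cfg" && ! -f "$dest" ]]; then
      cp "$cfg" "$dest"
    fi
  done
  # … unchanged: closing banner and 'Done' …
}
```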
diff --git a/templates/kubernetes/homelab-workspace/configmap.tf b/templates/kubernetes/homelab-workspace/configmap.tf
index a9da723b..f12af3be 100644
--- a/templates/kubernetes/homelab-workspace/configmap.tf
+++ b/templates/kubernetes/homelab-workspace/configmap.tf
@@ -8,7 +8,7 @@ resource "kubernetes_config_map" "workspace_scripts" {
 }
 data = {
- agent_startup_script = file("${path.cwd}/script-agent-startup.sh")
+ agent_startup_script = file("${path.cwd}/script-agent-startup.sh")
 system_update_script = file("${path.cwd}/script-system-update.sh")
 workspace_init_script = coder_agent.main.init_script
 }
 }
From 22988acad5a9c9562ae3e32c8aab29d41ed3527f Mon Sep 17 00:00:00 2001
From: Peter Pathirana
Date: Sun, 1 Jun 2025 09:23:21 -0400
Subject: [PATCH 3/3] fix: formatting
---
 templates/kubernetes/homelab-workspace/coder-agent.tf | 2 +-
 templates/kubernetes/homelab-workspace/configmap.tf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/templates/kubernetes/homelab-workspace/coder-agent.tf b/templates/kubernetes/homelab-workspace/coder-agent.tf
index 697939d5..4adccdbf 100644
--- a/templates/kubernetes/homelab-workspace/coder-agent.tf
+++ b/templates/kubernetes/homelab-workspace/coder-agent.tf
@@ -2,7 +2,7 @@ resource "coder_agent" "main" {
 arch = "amd64"
 os = "linux"
 startup_script = "/bin/bash --noprofile --norc /agent-startup.sh"
- startup_script_behavior = "blocking"
+ startup_script_behavior = "blocking"
 metadata {
 display_name = "CPU Usage"
diff --git a/templates/kubernetes/homelab-workspace/configmap.tf b/templates/kubernetes/homelab-workspace/configmap.tf
index f12af3be..c7049244 100644
--- a/templates/kubernetes/homelab-workspace/configmap.tf
+++ b/templates/kubernetes/homelab-workspace/configmap.tf
@@ -8,7 +8,7 @@ resource "kubernetes_config_map" "workspace_scripts" {
 }
 data = {
- agent_startup_script = file("${path.cwd}/script-agent-startup.sh")
+ agent_startup_script = file("${path.cwd}/script-agent-startup.sh")
 system_update_script = file("${path.cwd}/script-system-update.sh")
 workspace_init_script = coder_agent.main.init_script
 }
 }