From 13dc7aee133ec3fe80201bf3baba3aea1ae4040a Mon Sep 17 00:00:00 2001 From: Gabriel Radureau Date: Sat, 9 May 2026 12:35:03 +0200 Subject: [PATCH] =?UTF-8?q?rename:=20homelab-gateway=20=E2=86=92=20telegra?= =?UTF-8?q?m-gateway?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Aligns the project name with the public URL (tg.arcodange.fr) and the Arcodange organization conventions. The 'homelab-gateway' name was too generic. Touches: chart name + helpers, image registry path, Go module path, secret/configmap names, deployment mountPath, all docs. --- DEPLOY.md | 32 ++++++++++++++--------------- Makefile | 4 ++-- README.md | 14 ++++++------- chart/Chart.yaml | 4 ++-- chart/templates/_helpers.tpl | 20 +++++++++--------- chart/templates/configmap.yaml | 4 ++-- chart/templates/deployment.yaml | 18 ++++++++-------- chart/templates/ingress.yaml | 6 +++--- chart/templates/service.yaml | 6 +++--- chart/templates/serviceaccount.yaml | 4 ++-- chart/templates/vaultauth.yaml | 4 ++-- chart/templates/vaultsecret.yaml | 2 +- chart/values.yaml | 12 +++++------ go.mod | 2 +- main.go | 4 ++-- 15 files changed, 68 insertions(+), 68 deletions(-) diff --git a/DEPLOY.md b/DEPLOY.md index 34dc024..cc88eb1 100644 --- a/DEPLOY.md +++ b/DEPLOY.md @@ -1,10 +1,10 @@ -# Deploy `homelab-gateway` — Phase 1 (echo bot) +# Deploy `telegram-gateway` — Phase 1 (echo bot) Procédure end-to-end pour mettre le gateway en ligne avec un bot `arcodange_factory_bot` (slug interne `factory`). > Phase 1 simplifiée : **pas de Vault**. Le `Secret` k8s -> `homelab-gateway-bots` est créé manuellement avec `kubectl create secret`. +> `telegram-gateway-bots` est créé manuellement avec `kubectl create secret`. > La migration vers Vault Secrets Operator se fait plus tard (Phase 2+) via > `vault.enabled: true` dans `chart/values.yaml`. 
@@ -12,7 +12,7 @@ Procédure end-to-end pour mettre le gateway en ligne avec un bot ## 1. Pré-requis -- Repo Gitea déjà créé : `arcodange/homelab-gateway` +- Repo Gitea déjà créé : `arcodange/telegram-gateway` - Bot Telegram déjà créé via @BotFather : `@arcodange_factory_bot` - Token : `8737289837:…` (en variable d'env, jamais committé) - chat_id : récupéré via [@userinfobot](https://t.me/userinfobot) @@ -23,17 +23,17 @@ Procédure end-to-end pour mettre le gateway en ligne avec un bot ## 2. Push du repo (déclenche le build Docker) ```bash -cd /Users/gabrielradureau/Work/Vibe/homelab_gateway +cd /Users/gabrielradureau/Work/Vibe/telegram-gateway git init git add . git commit -m "Phase 1 MVP — echo bot factory" git branch -M main -git remote add origin ssh://git@192.168.1.202:2222/arcodange/homelab-gateway.git +git remote add origin ssh://git@192.168.1.202:2222/arcodange/telegram-gateway.git git push -u origin main ``` Gitea Actions build l'image et la pousse : -`gitea.arcodange.lab/arcodange/homelab-gateway:latest`. +`gitea.arcodange.lab/arcodange/telegram-gateway:latest`. ## 3. Créer le `Secret` k8s avec le token + secret_token @@ -43,9 +43,9 @@ SECRET=$(openssl rand -hex 32) # Le namespace est créé par ArgoCD si absent — on le crée explicitement avant # pour pouvoir y poser le Secret tout de suite. -kubectl create namespace homelab-gateway --dry-run=client -o yaml | kubectl apply -f - +kubectl create namespace telegram-gateway --dry-run=client -o yaml | kubectl apply -f - -kubectl -n homelab-gateway create secret generic homelab-gateway-bots \ +kubectl -n telegram-gateway create secret generic telegram-gateway-bots \ --from-literal=BOT_FACTORY_TOKEN='8737289837:AAEVIygazfxgqJTxaxOh3X-mEoKaV7Rw1Gw' \ --from-literal=BOT_FACTORY_SECRET="$SECRET" 
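Review bot: The context lines of the step 3 hunk in DEPLOY.md (`kubectl -n telegram-gateway create secret generic telegram-gateway-bots`) carry what looks like a complete bot token as the literal value of `--from-literal=BOT_FACTORY_TOKEN=`, although the prerequisites hunk just above states that the token lives in an environment variable and is never committed. The same literal appears again on the `export BOT_FACTORY_TOKEN=` line in the step 5 hunk (`@@ -79,7 +79,7 @@`). Since this commit already edits both places, replace the value with a reference, e.g. `--from-literal=BOT_FACTORY_TOKEN="$BOT_FACTORY_TOKEN"` in step 3 and `export BOT_FACTORY_TOKEN='<token from @BotFather>'` in step 5, mirroring how `$SECRET` is already handled. If the committed value is a real token, it remains in git history and on the pushed remote, so editing the file is not enough: it should be revoked and reissued via @BotFather, and the k8s Secret recreated with the new value.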
@@ -60,15 +60,15 @@ echo "secret_token = $SECRET" ## 4. Activer l'Application ArgoCD -L'entrée `homelab-gateway` est ajoutée dans +L'entrée `telegram-gateway` est ajoutée dans `/Users/gabrielradureau/Work/Arcodange/factory/argocd/values.yaml` (PR ouverte). Une fois la PR mergée : ```bash -kubectl -n argocd get app homelab-gateway -w +kubectl -n argocd get app telegram-gateway -w # attends Healthy + Synced -kubectl -n homelab-gateway logs deploy/homelab-gateway -f -# attends "homelab-gateway listening on :8080 (1 bot(s) loaded)" +kubectl -n telegram-gateway logs deploy/telegram-gateway -f +# attends "telegram-gateway listening on :8080 (1 bot(s) loaded)" # Smoke curl -I https://tg.arcodange.fr/healthz # → 200 @@ -79,7 +79,7 @@ curl -I https://tg.arcodange.fr/healthz # → 200 ```bash export BOT_FACTORY_TOKEN='8737289837:AAEVIygazfxgqJTxaxOh3X-mEoKaV7Rw1Gw' export BOT_FACTORY_SECRET="$SECRET" # même valeur qu'à l'étape 3 -cd /Users/gabrielradureau/Work/Vibe/homelab_gateway +cd /Users/gabrielradureau/Work/Vibe/telegram-gateway make setwebhook SLUG=factory BASE_URL=https://tg.arcodange.fr # → "webhook set: url=https://tg.arcodange.fr/bot/factory pending=0 last_err=\"\"" ``` 
@@ -100,8 +100,8 @@ Pour le test `/echo coucou` répond `coucou`. | Symptôme | Action | |---|---| -| Pod `CreateContainerConfigError` | Le Secret `homelab-gateway-bots` manque. Le créer (étape 3). | -| Pod `CrashLoopBackOff` "no bots in /etc/…/bots.yaml" | ConfigMap pas généré ou mal monté. `kubectl get cm -n homelab-gateway -o yaml`. | +| Pod `CreateContainerConfigError` | Le Secret `telegram-gateway-bots` manque. Le créer (étape 3). | +| Pod `CrashLoopBackOff` "no bots in /etc/…/bots.yaml" | ConfigMap pas généré ou mal monté. `kubectl get cm -n telegram-gateway -o yaml`. | | `curl https://tg.arcodange.fr/healthz` → 502/504 | Ingress pas encore propagé OU le pod n'est pas Ready. `kubectl describe ingress` + `kubectl describe pod`. | | `setWebhook` → `Wrong response from the webhook: 401` | `BOT_FACTORY_SECRET` côté Secret ≠ celui passé à setWebhook. Régénérer + recréer le Secret avec `kubectl delete && create`. | | Webhook accepté mais pas de réponse Telegram | `kubectl logs` côté gateway → erreur sendMessage. Token bot invalide (révoqué via @BotFather ?) ou rate-limit Telegram. | @@ -112,6 +112,6 @@ Pour le test `/echo coucou` répond `coucou`. - Phase 3 : handlers `shell` / `script` / `ollama` async, retry quand le Macbook Ollama est endormi. - Phase 4 : passage à Vault (toggle `vault.enabled: true` + provisionner - `kvv2/homelab-gateway/config`), Wake-on-LAN, multi-provider. + `kvv2/telegram-gateway/config`), Wake-on-LAN, multi-provider. Plan complet : `~/.claude/plans/pour-les-notifications-on-inherited-seal.md`. diff --git a/Makefile b/Makefile index bf3d81e..5fcd40a 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ SHELL := /bin/bash -APP := homelab-gateway -IMAGE := gitea.arcodange.lab/arcodange-org/$(APP) +APP := telegram-gateway +IMAGE := gitea.arcodange.lab/arcodange/$(APP) TAG ?= dev .PHONY: build test vet tidy run docker push setwebhook deletewebhook diff --git a/README.md b/README.md index 2844868..765e8d7 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,4 @@ -# homelab-gateway +# telegram-gateway Telegram **webhook gateway** for the Arcodange home lab. Replaces polling-based bots (e.g. those scheduled in Cowork) with direct webhook delivery from @@ -13,7 +13,7 @@ See the design doc at `~/.claude/plans/pour-les-notifications-on-inherited-seal. ## Architecture (current) ``` -Telegram → Cloudflare Tunnel (tg.arcodange.fr) → Service homelab-gateway:8080 +Telegram → Cloudflare Tunnel (tg.arcodange.fr) → Service telegram-gateway:8080 → /bot/ → secret_token check → handler dispatch → Bot API sendMessage ``` @@ -55,19 +55,19 @@ make deletewebhook SLUG=factory ## Configuration - **Routing** (non-secret): YAML at `$CONFIG_PATH` (default - `/etc/homelab-gateway/bots.yaml`, mounted from a ConfigMap in cluster). + `/etc/telegram-gateway/bots.yaml`, mounted from a ConfigMap in cluster). - **Secrets**: per-bot env vars `BOT__TOKEN`, `BOT__SECRET`. Sourced from Vault path - `kvv2/homelab-gateway/config` via Vault Secrets Operator. + `kvv2/telegram-gateway/config` via Vault Secrets Operator. ## Cluster deploy -- Image: `gitea.arcodange.lab/arcodange/homelab-gateway:` +- Image: `gitea.arcodange.lab/arcodange/telegram-gateway:` - Helm chart: `chart/` -- ArgoCD app: `homelab-gateway` (in `factory/argocd/values.yaml`) +- ArgoCD app: `telegram-gateway` (in `factory/argocd/values.yaml`) - Public URL: `https://tg.arcodange.fr` (Cloudflare déjà configuré pour router `*.arcodange.fr` vers le home lab → Traefik route par Host) -- Secrets Phase 1 : `kubectl create secret generic homelab-gateway-bots …` +- Secrets Phase 1 : `kubectl create secret generic telegram-gateway-bots …` (sans Vault). Migration vers Vault Secrets Operator en Phase 2+ via `vault.enabled: true` dans `chart/values.yaml`. diff --git a/chart/Chart.yaml b/chart/Chart.yaml index a010abb..abb49a6 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml 
@@ -1,6 +1,6 @@ apiVersion: v2 -name: homelab-gateway -description: Telegram webhook gateway for the Arcodange home lab +name: telegram-gateway +description: Telegram webhook gateway for the Arcodange home lab (tg.arcodange.fr) type: application version: 0.1.0 appVersion: "0.1.0" diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl index f173471..1130ed4 100644 --- a/chart/templates/_helpers.tpl +++ b/chart/templates/_helpers.tpl @@ -1,14 +1,14 @@ {{/* Expand the name of the chart. */}} -{{- define "homelab-gateway.name" -}} +{{- define "telegram-gateway.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Create a default fully qualified app name. */}} -{{- define "homelab-gateway.fullname" -}} +{{- define "telegram-gateway.fullname" -}} {{- if .Values.fullnameOverride }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- else }} @@ -24,16 +24,16 @@ Create a default fully qualified app name. {{/* Chart name + version label value. */}} -{{- define "homelab-gateway.chart" -}} +{{- define "telegram-gateway.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Common labels. */}} -{{- define "homelab-gateway.labels" -}} -helm.sh/chart: {{ include "homelab-gateway.chart" . }} -{{ include "homelab-gateway.selectorLabels" . }} +{{- define "telegram-gateway.labels" -}} +helm.sh/chart: {{ include "telegram-gateway.chart" . }} +{{ include "telegram-gateway.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} 
@@ -43,17 +43,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{/* Selector labels. */}} -{{- define "homelab-gateway.selectorLabels" -}} -app.kubernetes.io/name: {{ include "homelab-gateway.name" . }} +{{- define "telegram-gateway.selectorLabels" -}} +app.kubernetes.io/name: {{ include "telegram-gateway.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{/* Service account name. */}} -{{- define "homelab-gateway.serviceAccountName" -}} +{{- define "telegram-gateway.serviceAccountName" -}} {{- if .Values.serviceAccount.create }} -{{- default (include "homelab-gateway.fullname" .) .Values.serviceAccount.name }} +{{- default (include "telegram-gateway.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} diff --git a/chart/templates/configmap.yaml b/chart/templates/configmap.yaml index 4bca72f..ede4821 100644 --- a/chart/templates/configmap.yaml +++ b/chart/templates/configmap.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "homelab-gateway.fullname" . }}-bots + name: {{ include "telegram-gateway.fullname" . }}-bots namespace: {{ .Release.Namespace }} labels: - {{- include "homelab-gateway.labels" . | nindent 4 }} + {{- include "telegram-gateway.labels" . | nindent 4 }} data: bots.yaml: | bots: diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml index 72cb2f7..98b903b 100644 --- a/chart/templates/deployment.yaml +++ b/chart/templates/deployment.yaml @@ -1,10 +1,10 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "homelab-gateway.fullname" . }} + name: {{ include "telegram-gateway.fullname" . }} namespace: {{ .Release.Namespace }} labels: - {{- include "homelab-gateway.labels" . | nindent 4 }} + {{- include "telegram-gateway.labels" . | nindent 4 }} spec: revisionHistoryLimit: 3 {{- if not .Values.autoscaling.enabled }} 
@@ -12,7 +12,7 @@ spec: {{- end }} selector: matchLabels: - {{- include "homelab-gateway.selectorLabels" . | nindent 6 }} + {{- include "telegram-gateway.selectorLabels" . | nindent 6 }} template: metadata: annotations: @@ -21,7 +21,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} labels: - {{- include "homelab-gateway.labels" . | nindent 8 }} + {{- include "telegram-gateway.labels" . | nindent 8 }} {{- with .Values.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} @@ -30,7 +30,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ include "homelab-gateway.serviceAccountName" . }} + serviceAccountName: {{ include "telegram-gateway.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: @@ -39,12 +39,12 @@ spec: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - args: ["serve", "--config", "/etc/homelab-gateway/bots.yaml", "--addr", ":{{ .Values.service.port }}"] + args: ["serve", "--config", "/etc/telegram-gateway/bots.yaml", "--addr", ":{{ .Values.service.port }}"] env: - name: LISTEN_ADDR value: ":{{ .Values.service.port }}" - name: CONFIG_PATH - value: /etc/homelab-gateway/bots.yaml + value: /etc/telegram-gateway/bots.yaml envFrom: - secretRef: name: {{ .Values.secret.name }} @@ -60,14 +60,14 @@ spec: {{- toYaml .Values.resources | nindent 12 }} volumeMounts: - name: bots-config - mountPath: /etc/homelab-gateway + mountPath: /etc/telegram-gateway readOnly: true - name: tmp mountPath: /tmp volumes: - name: bots-config configMap: - name: {{ include "homelab-gateway.fullname" . }}-bots + name: {{ include "telegram-gateway.fullname" . }}-bots - name: tmp emptyDir: {} {{- with .Values.nodeSelector }} diff --git a/chart/templates/ingress.yaml b/chart/templates/ingress.yaml index ee51f53..3fb22a3 100644 --- a/chart/templates/ingress.yaml 
+++ b/chart/templates/ingress.yaml @@ -2,10 +2,10 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: {{ include "homelab-gateway.fullname" . }} + name: {{ include "telegram-gateway.fullname" . }} namespace: {{ .Release.Namespace }} labels: - {{- include "homelab-gateway.labels" . | nindent 4 }} + {{- include "telegram-gateway.labels" . | nindent 4 }} {{- with .Values.ingress.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -28,7 +28,7 @@ spec: pathType: {{ .pathType }} backend: service: - name: {{ include "homelab-gateway.fullname" $ }} + name: {{ include "telegram-gateway.fullname" $ }} port: number: {{ $.Values.service.port }} {{- end }} diff --git a/chart/templates/service.yaml b/chart/templates/service.yaml index 8a9d123..0699c34 100644 --- a/chart/templates/service.yaml +++ b/chart/templates/service.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "homelab-gateway.fullname" . }} + name: {{ include "telegram-gateway.fullname" . }} namespace: {{ .Release.Namespace }} labels: - {{- include "homelab-gateway.labels" . | nindent 4 }} + {{- include "telegram-gateway.labels" . | nindent 4 }} spec: type: {{ .Values.service.type }} ports: @@ -13,4 +13,4 @@ spec: protocol: TCP name: http selector: - {{- include "homelab-gateway.selectorLabels" . | nindent 4 }} + {{- include "telegram-gateway.selectorLabels" . | nindent 4 }} diff --git a/chart/templates/serviceaccount.yaml b/chart/templates/serviceaccount.yaml index e247b45..15a759f 100644 --- a/chart/templates/serviceaccount.yaml +++ b/chart/templates/serviceaccount.yaml 
@@ -2,10 +2,10 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "homelab-gateway.serviceAccountName" . }} + name: {{ include "telegram-gateway.serviceAccountName" . }} namespace: {{ .Release.Namespace }} labels: - {{- include "homelab-gateway.labels" . | nindent 4 }} + {{- include "telegram-gateway.labels" . | nindent 4 }} {{- with .Values.serviceAccount.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/chart/templates/vaultauth.yaml b/chart/templates/vaultauth.yaml index a9eff0e..cf52eff 100644 --- a/chart/templates/vaultauth.yaml +++ b/chart/templates/vaultauth.yaml @@ -5,13 +5,13 @@ metadata: name: auth namespace: {{ .Release.Namespace }} labels: - {{- include "homelab-gateway.labels" . | nindent 4 }} + {{- include "telegram-gateway.labels" . | nindent 4 }} spec: method: kubernetes mount: kubernetes kubernetes: role: {{ .Values.vault.role }} - serviceAccount: {{ include "homelab-gateway.serviceAccountName" . }} + serviceAccount: {{ include "telegram-gateway.serviceAccountName" . }} audiences: - vault {{- end }} diff --git a/chart/templates/vaultsecret.yaml b/chart/templates/vaultsecret.yaml index 81e006a..bd39dcc 100644 --- a/chart/templates/vaultsecret.yaml +++ b/chart/templates/vaultsecret.yaml @@ -5,7 +5,7 @@ metadata: name: bots-secrets namespace: {{ .Release.Namespace }} labels: - {{- include "homelab-gateway.labels" . | nindent 4 }} + {{- include "telegram-gateway.labels" . | nindent 4 }} spec: type: kv-v2 mount: {{ .Values.vault.mount }} diff --git a/chart/values.yaml b/chart/values.yaml index 722c267..17370b9 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -1,7 +1,7 @@ replicaCount: 1 image: - repository: gitea.arcodange.lab/arcodange/homelab-gateway + repository: gitea.arcodange.lab/arcodange/telegram-gateway pullPolicy: Always tag: "" 
@@ -85,18 +85,18 @@ bots: handler: echo # k8s Secret consumed by `envFrom`. Phase 1: create it manually with kubectl. -# kubectl -n homelab-gateway create secret generic homelab-gateway-bots \ +# kubectl -n telegram-gateway create secret generic telegram-gateway-bots \ # --from-literal=BOT_FACTORY_TOKEN=… --from-literal=BOT_FACTORY_SECRET=… secret: - name: homelab-gateway-bots + name: telegram-gateway-bots # Vault Secrets Operator integration (Phase 2+). When enabled, VSO writes the -# secret named `secret.name` automatically from `kvv2/homelab-gateway/config`. +# secret named `secret.name` automatically from `kvv2/telegram-gateway/config`. vault: enabled: false - role: homelab-gateway + role: telegram-gateway mount: kvv2 - path: homelab-gateway/config + path: telegram-gateway/config refreshAfter: 30s nodeSelector: diff --git a/go.mod b/go.mod index a0900b3..a0f0ece 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/arcodange-org/homelab-gateway +module github.com/arcodange/telegram-gateway go 1.23 diff --git a/main.go b/main.go index 14bd4ca..4c0eab5 100644 --- a/main.go +++ b/main.go @@ -13,7 +13,7 @@ import ( ) const defaultListenAddr = ":8080" -const defaultConfigPath = "/etc/homelab-gateway/bots.yaml" +const defaultConfigPath = "/etc/telegram-gateway/bots.yaml" func main() { subcmd := "" @@ -62,7 +62,7 @@ func runServer() { defer stop() go func() { - log.Printf("homelab-gateway listening on %s (%d bot(s) loaded)", *addr, registry.Count()) + log.Printf("telegram-gateway listening on %s (%d bot(s) loaded)", *addr, registry.Count()) if err := srv.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) { log.Fatalf("server: %v", err) }