home/kubernetes-deployments
2
0
Fork 0
Code Issues 3 Pull requests Projects Releases Packages Wiki Activity Actions

Delete Pihole

Browse source
This commit is contained in:
Pim Kunis 2025-05-26 22:05:55 +02:00
parent ebfc1f33a4
commit 1ac21a813a
7 changed files with 2 additions and 132 deletions
Download patch file Download diff file Expand all files Collapse all files

1
README.md
View file

@ -35,7 +35,6 @@ Legend:
| ✅ | `inbucket/inbucket` | | | ✅ | `inbucket/inbucket` | |
| ✅ | `lscr.io/linuxserver/syncthing` | | | ✅ | `lscr.io/linuxserver/syncthing` | |
| ✅ | `codeberg.org/forgejo/forgejo` | | | ✅ | `codeberg.org/forgejo/forgejo` | |
| ✅ | `pihole/pihole` | |
| ✅ | `ghcr.io/immich-app/immich-server` | | | ✅ | `ghcr.io/immich-app/immich-server` | |
| ✅ | `ghcr.io/immich-app/immich-machine-learning` | | | ✅ | `ghcr.io/immich-app/immich-machine-learning` | |
| ✅ | `docker.io/redis:6.2-alpine` | Database for Immich | | ✅ | `docker.io/redis:6.2-alpine` | Database for Immich |

5
deployments.nix
View file

@ -69,11 +69,6 @@
namespace = "syncthing"; namespace = "syncthing";
}; };
pihole = {
module.pihole.enable = true;
namespace = "dns";
};
immich = { immich = {
module.immich.enable = true; module.immich.enable = true;
namespace = "immich"; namespace = "immich";

2
globals.nix
View file

@ -11,7 +11,6 @@ _: {
inbucket = "inbucket/inbucket:edge"; inbucket = "inbucket/inbucket:edge";
syncthing = "lscr.io/linuxserver/syncthing:1.29.6"; syncthing = "lscr.io/linuxserver/syncthing:1.29.6";
forgejo = "codeberg.org/forgejo/forgejo:11.0.1"; forgejo = "codeberg.org/forgejo/forgejo:11.0.1";
pihole = "pihole/pihole:2025.02.1";
immich = "ghcr.io/immich-app/immich-server:v1.132.1"; immich = "ghcr.io/immich-app/immich-server:v1.132.1";
immich-machine-learning = "ghcr.io/immich-app/immich-machine-learning:v1.132.1"; immich-machine-learning = "ghcr.io/immich-app/immich-machine-learning:v1.132.1";
immich-redis = "docker.io/valkey/valkey:8-bookworm@sha256:42cba146593a5ea9a622002c1b7cba5da7be248650cbb64ecb9c6c33d29794b1"; immich-redis = "docker.io/valkey/valkey:8-bookworm@sha256:42cba146593a5ea9a622002c1b7cba5da7be248650cbb64ecb9c6c33d29794b1";
@ -42,7 +41,6 @@ _: {
traefikIPv4 = "192.168.30.128"; traefikIPv4 = "192.168.30.128";
kmsIPv4 = "192.168.30.129"; kmsIPv4 = "192.168.30.129";
inbucketIPv4 = "192.168.30.130"; inbucketIPv4 = "192.168.30.130";
piholeIPv4 = "192.168.30.131";
gitIPv4 = "192.168.30.132"; gitIPv4 = "192.168.30.132";
delugeIPv4 = "192.168.30.133"; delugeIPv4 = "192.168.30.133";
bind9IPv4 = "192.168.30.134"; bind9IPv4 = "192.168.30.134";

2
modules/bootstrap-default.nix
View file

@ -88,8 +88,6 @@
lab = { lab = {
longhorn.persistentVolume = { longhorn.persistentVolume = {
kitchenowl.storage = "100Mi"; kitchenowl.storage = "100Mi";
pihole-data.storage = "750Mi";
pihole-dnsmasq.storage = "16Mi";
immich.storage = "50Gi"; immich.storage = "50Gi";
immich-db.storage = "5Gi"; immich-db.storage = "5Gi";
attic.storage = "15Gi"; attic.storage = "15Gi";

1
modules/default.nix
View file

@ -20,7 +20,6 @@
./forgejo ./forgejo
./paperless.nix ./paperless.nix
./syncthing.nix ./syncthing.nix
./pihole.nix
./immich.nix ./immich.nix
./attic.nix ./attic.nix
./bind9 ./bind9

117
modules/pihole.nix
View file

@ -1,117 +0,0 @@
{
globals,
config,
lib,
...
}: {
options.pihole.enable = lib.mkEnableOption "pihole";
config = lib.mkIf config.pihole.enable {
kubernetes.resources = {
secrets.pihole.stringData.webPassword = "ref+sops://secrets.yml#/pihole/password";
deployments.pihole.spec = {
selector.matchLabels.app = "pihole";
strategy = {
type = "RollingUpdate";
rollingUpdate = {
maxSurge = 0;
maxUnavailable = 1;
};
};
template = {
metadata.labels.app = "pihole";
spec = {
containers.pihole = {
image = globals.images.pihole;
env = {
TZ.value = "Europe/Amsterdam";
PIHOLE_DNS_.value = "192.168.30.1";
WEBPASSWORD.valueFrom.secretKeyRef = {
name = "pihole";
key = "webPassword";
};
};
ports = {
web.containerPort = 80;
dns = {
containerPort = 53;
protocol = "UDP";
};
};
volumeMounts = [
{
name = "data";
mountPath = "/etc/pihole";
}
{
name = "dnsmasq";
mountPath = "/etc/dnsmasq.d";
}
];
};
volumes = {
data.persistentVolumeClaim.claimName = "pihole-data";
dnsmasq.persistentVolumeClaim.claimName = "pihole-dnsmasq";
};
securityContext = {
fsGroup = 1000;
fsGroupChangePolicy = "OnRootMismatch";
};
};
};
};
services = {
pihole.spec = {
type = "LoadBalancer";
loadBalancerIP = globals.piholeIPv4;
selector.app = "pihole";
ports = {
dns = {
protocol = "UDP";
port = 53;
targetPort = "dns";
};
web = {
port = 80;
targetPort = "web";
};
};
};
};
};
lab = {
longhorn.persistentVolumeClaim = {
pihole-data = {
volumeName = "pihole-data";
storage = "750Mi";
};
pihole-dnsmasq = {
volumeName = "pihole-dnsmasq";
storage = "16Mi";
};
};
tailscaleIngresses.tailscale-pihole = {
host = "pihole";
service.name = "pihole";
};
};
};
}

6
secrets.yml
View file

@ -1,8 +1,6 @@
freshrss: freshrss:
password: ENC[AES256_GCM,data:ECDPrW+VgO8PY9p2fLIreRETNiRL5ZGnu/PMC7aNj8KaWfyNYL+l3w==,iv:srR/r1EtOpC/CKKrCDKcTLVdMFPAYIJIB1CCg8mS0UU=,tag:YN4PqR5uvPkVskpJWD+91g==,type:str] password: ENC[AES256_GCM,data:ECDPrW+VgO8PY9p2fLIreRETNiRL5ZGnu/PMC7aNj8KaWfyNYL+l3w==,iv:srR/r1EtOpC/CKKrCDKcTLVdMFPAYIJIB1CCg8mS0UU=,tag:YN4PqR5uvPkVskpJWD+91g==,type:str]
oidc_crypto_key: ENC[AES256_GCM,data:dFQKZtFVd5l8W2go6WcK76o7O7hpQWnQKXCGTf9EhSVURvWigv6zzBULie7Y4lkJCsItG8oKmIiCYSy3MhFnU3DJTUJcenm4I7NHyINjvzHOBgUVPXbYQjQhouJwOlPkdqlSKv1f38ItZKNPJebMObZj+kACKbjdik6e6yM40RM=,iv:g6Ygval2qTQwKnrliI+n/r9OxJFePT9MKYyBLU6b3UQ=,tag:kWXTbm2JIR5aL/s4OX2Tqg==,type:str] oidc_crypto_key: ENC[AES256_GCM,data:dFQKZtFVd5l8W2go6WcK76o7O7hpQWnQKXCGTf9EhSVURvWigv6zzBULie7Y4lkJCsItG8oKmIiCYSy3MhFnU3DJTUJcenm4I7NHyINjvzHOBgUVPXbYQjQhouJwOlPkdqlSKv1f38ItZKNPJebMObZj+kACKbjdik6e6yM40RM=,iv:g6Ygval2qTQwKnrliI+n/r9OxJFePT9MKYyBLU6b3UQ=,tag:kWXTbm2JIR5aL/s4OX2Tqg==,type:str]
pihole:
password: ENC[AES256_GCM,data:MA60825Tl6aYEFVoPgo8k5Vjb9zmIxtPLJriQV1B3P1bOKu1KK7vxQ==,iv:RGZHox8CbJiEEEjMo2k/tNbtjCPy/QY7vOuMN/YNZcg=,tag:yphrq03IKpXM/tSDBLeSgA==,type:str]
hedgedoc: hedgedoc:
databaseURL: ENC[AES256_GCM,data:6+IV4TaClIGE1XVkUf7JwXzqx3EvWiIKFx9X5x7QKvQKC7bIieD1ADVeAMQmiQfibnH/YV5TgjNY8Ft+3eX881c3yD+2j7mM+O1fX6taK/BCokDnqhIwTN2qxHsu+mrPcM/Pgg5Zqy8HvUgX8jM=,iv:bCwuNk5CVgK2T5IgLebcKwxwloi6FkWMWhnxwJek1GM=,tag:UDQ0KmRDVlDh35Fjm6eaAA==,type:str] databaseURL: ENC[AES256_GCM,data:6+IV4TaClIGE1XVkUf7JwXzqx3EvWiIKFx9X5x7QKvQKC7bIieD1ADVeAMQmiQfibnH/YV5TgjNY8Ft+3eX881c3yD+2j7mM+O1fX6taK/BCokDnqhIwTN2qxHsu+mrPcM/Pgg5Zqy8HvUgX8jM=,iv:bCwuNk5CVgK2T5IgLebcKwxwloi6FkWMWhnxwJek1GM=,tag:UDQ0KmRDVlDh35Fjm6eaAA==,type:str]
sessionSecret: ENC[AES256_GCM,data:7FdRjAShjjue1fFwizCgK+94mkbT4ohAPxdyn/8Z8/f2nvGWPZHO/hGexOixbRGLPewJSaMunTMeJL+IzFlGlg==,iv:iz7640b8Mlb6mNps20b+TbphWDEFUbKwKNUXc0kR5NY=,tag:fdEr1tbes1h8VCA/q+0sOw==,type:str] sessionSecret: ENC[AES256_GCM,data:7FdRjAShjjue1fFwizCgK+94mkbT4ohAPxdyn/8Z8/f2nvGWPZHO/hGexOixbRGLPewJSaMunTMeJL+IzFlGlg==,iv:iz7640b8Mlb6mNps20b+TbphWDEFUbKwKNUXc0kR5NY=,tag:fdEr1tbes1h8VCA/q+0sOw==,type:str]
@ -81,8 +79,8 @@ sops:
azR0UkJyL0RwUVk4ZzdkSWptcDlWVjAK5FU9B5TBSnV3azO4eCv13T6i3dGGuI68 azR0UkJyL0RwUVk4ZzdkSWptcDlWVjAK5FU9B5TBSnV3azO4eCv13T6i3dGGuI68
UgBrVEb1/Fv+4XTjeSEhpiOaH8sNWYoNa3Aa7uTZYlHDRWga2GC7zw== UgBrVEb1/Fv+4XTjeSEhpiOaH8sNWYoNa3Aa7uTZYlHDRWga2GC7zw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-15T15:37:53Z" lastmodified: "2025-05-26T20:32:01Z"
mac: ENC[AES256_GCM,data:tsoDYbuhxEH3PrxOPgfKczD8Hh1XGJRhGAtm2DWpPP9T99ub/l3KAV2pInvUi5Kn+1QvhJUAwFAP6A/435cqfsHxQI066N7ADUYO4qshcsAYKK7ofBVNnI431D3oD+kBujWKmvSqhlamdP+O7O1ICtbfI5PEM8SN5KWEvEtyp9A=,iv:pDiPy6EWLaZQbNydRFTktRlcf7M9Uf8OS+WPbQkUx9M=,tag:D+tMTFVbWE7TQIw/0MUZjw==,type:str] mac: ENC[AES256_GCM,data:si28Fu1crF2mYYCJAgN95+G8iJkn4T9wF0Itpi+5cjoSZ2ebxm2wWnVLQ9PwLIkHVF7nNbQM4fWy3eGIWWpexW6ReEc/aGJBLM0L4ho7iFaO1tzWEa5nTyz3QQH8kap1xvqEYgwH9EDkblc4gFpCUDnYbBt9lNcRCZ3JzeYoPxQ=,iv:QHsvuyCCn+9oe5ZQJi2/qDtV7Z2N4JMfqXUEqJkzKH4=,tag:2NGB4VR5bPEZmIC/lYX2VQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.4 version: 3.9.4