home/kubernetes-deployments
2
0
Fork 0
Code Issues3 Pull requests Projects Releases Packages Wiki Activity Actions

Format repo

Browse source
This commit is contained in:
Pim Kunis 2024-10-28 16:05:06 +01:00
parent 3169149045
commit 8160b9da0b
37 changed files with 643 additions and 392 deletions

29
modules/attic.nix
View file

@ -1,4 +1,11 @@
{ self, utils, lib, config, globals, ... }: {
{
self,
utils,
lib,
config,
globals,
...
}: {
options.attic.enable = lib.mkEnableOption "attic";
config = lib.mkIf config.attic.enable {
@ -50,10 +57,12 @@
};
};
volumeMounts = [{
name = "data";
mountPath = "/var/lib/atticd/storage";
}];
volumeMounts = [
{
name = "data";
mountPath = "/var/lib/atticd/storage";
}
];
};
volumes = {
@ -98,10 +107,12 @@
};
};
volumeMounts = [{
name = "data";
mountPath = "/pgdata";
}];
volumeMounts = [
{
name = "data";
mountPath = "/pgdata";
}
];
};
volumes.data.persistentVolumeClaim.claimName = "database";

29
modules/atuin.nix
View file

@ -1,4 +1,9 @@
{ config, globals, lib, ... }: {
{
config,
globals,
lib,
...
}: {
options.atuin.enable = lib.mkEnableOption "atuin";
config = lib.mkIf config.atuin.enable {
@ -34,7 +39,7 @@
image = globals.images.atuin;
imagePullPolicy = "IfNotPresent";
ports.web.containerPort = 8888;
args = [ "server" "start" ];
args = ["server" "start"];
env = {
ATUIN_HOST.value = "0.0.0.0";
@ -47,10 +52,12 @@
};
};
volumeMounts = [{
name = "data";
mountPath = "/config";
}];
volumeMounts = [
{
name = "data";
mountPath = "/config";
}
];
};
database = {
@ -67,10 +74,12 @@
};
};
volumeMounts = [{
name = "database";
mountPath = "/var/lib/postgresql/data";
}];
volumeMounts = [
{
name = "database";
mountPath = "/var/lib/postgresql/data";
}
];
};
};
};

30
modules/bind9/default.nix
View file

@ -1,8 +1,12 @@
{ config, lib, globals, dns, ... }:
let
kunisZone = dns.lib.toString "kun.is" (import ./kun.is.zone.nix globals dns);
in
{
config,
lib,
globals,
dns,
...
}: let
kunisZone = dns.lib.toString "kun.is" (import ./kun.is.zone.nix globals dns);
in {
options.bind9.enable = lib.mkEnableOption "bind9";
config = lib.mkIf config.bind9.enable {
@ -54,7 +58,7 @@ in
containers = {
bind9-udp = {
image = globals.images.bind9;
envFrom = [{ configMapRef.name = "bind9-env"; }];
envFrom = [{configMapRef.name = "bind9-env";}];
ports.dns-udp = {
containerPort = 53;
@ -77,7 +81,7 @@ in
bind9-tcp = {
image = globals.images.bind9;
envFrom = [{ configMapRef.name = "bind9-env"; }];
envFrom = [{configMapRef.name = "bind9-env";}];
ports.dns-tcp = {
containerPort = 53;
@ -99,10 +103,12 @@ in
};
};
volumes = [{
name = "config";
configMap.name = "bind9-config";
}];
volumes = [
{
name = "config";
configMap.name = "bind9-config";
}
];
};
};
};
@ -117,7 +123,7 @@ in
spec = {
type = "LoadBalancer";
selector.app = "bind9";
ipFamilies = [ "IPv4" "IPv6" ];
ipFamilies = ["IPv4" "IPv6"];
ipFamilyPolicy = "RequireDualStack";
ports.dns = {
@ -137,7 +143,7 @@ in
spec = {
type = "LoadBalancer";
selector.app = "bind9";
ipFamilies = [ "IPv4" "IPv6" ];
ipFamilies = ["IPv4" "IPv6"];
ipFamilyPolicy = "RequireDualStack";
ports.dns = {

21
modules/bind9/kun.is.zone.nix
View file

@ -1,4 +1,5 @@
globals: dns: with dns.lib.combinators; {
globals: dns:
with dns.lib.combinators; {
CAA = letsEncrypt "caa@kun.is";
SOA = {
@ -17,36 +18,36 @@ globals: dns: with dns.lib.combinators; {
];
TXT = [
(with spf; soft [ "include:spf.glasnet.nl" ])
(with spf; soft ["include:spf.glasnet.nl"])
];
subdomains = rec {
"*".A = [ globals.routerPublicIPv4 ];
"*".A = [globals.routerPublicIPv4];
ns = {
A = [ globals.routerPublicIPv4 ];
AAAA = [ ];
A = [globals.routerPublicIPv4];
AAAA = [];
};
ns1 = ns;
ns2 = ns;
wg = {
A = [ globals.routerPublicIPv4 ];
AAAA = [ ];
A = [globals.routerPublicIPv4];
AAAA = [];
};
#for SMTP2GO to be able send emails from kun.is domain
em670271 = {
CNAME = [ "return.smtp2go.net." ];
CNAME = ["return.smtp2go.net."];
};
"s670271._domainkey" = {
CNAME = [ "dkim.smtp2go.net." ];
CNAME = ["dkim.smtp2go.net."];
};
link = {
CNAME = [ "track.smtp2go.net." ];
CNAME = ["track.smtp2go.net."];
};
};
}

7
modules/blog.nix
View file

@ -1,4 +1,9 @@
{ blog-pim, lib, config, ... }: {
{
blog-pim,
lib,
config,
...
}: {
options.blog.enable = lib.mkEnableOption "blog";
config = lib.mkIf config.blog.enable {

71
modules/bootstrap-default.nix
View file

@ -1,4 +1,12 @@
{ config, lib, nixhelm, system, globals, machines, ... }: {
{
config,
lib,
nixhelm,
system,
globals,
machines,
...
}: {
options.bootstrap-default.enable = lib.mkEnableOption "bootstrap-default";
config = lib.mkIf config.bootstrap-default.enable {
@ -36,36 +44,35 @@
services.longhorn-frontend.spec.loadBalancerIP = globals.longhornIPv4;
namespaces = {
static-websites = { };
freshrss = { };
radicale = { };
kms = { };
atuin = { };
nextcloud = { };
hedgedoc = { };
kitchenowl = { };
forgejo = { };
paperless = { };
syncthing = { };
immich = { };
attic = { };
inbucket = { };
dns = { };
media = { };
minecraft = { };
tailscale = { };
ntfy = { };
static-websites = {};
freshrss = {};
radicale = {};
kms = {};
atuin = {};
nextcloud = {};
hedgedoc = {};
kitchenowl = {};
forgejo = {};
paperless = {};
syncthing = {};
immich = {};
attic = {};
inbucket = {};
dns = {};
media = {};
minecraft = {};
tailscale = {};
ntfy = {};
};
nodes =
let
machinesWithKubernetesLabels = lib.filterAttrs (name: machine: machine.kubernetesNodeLabels != null) machines;
in
nodes = let
machinesWithKubernetesLabels = lib.filterAttrs (name: machine: machine.kubernetesNodeLabels != null) machines;
in
builtins.mapAttrs
(name: machine: {
metadata.labels = machine.kubernetesNodeLabels;
})
machinesWithKubernetesLabels;
(name: machine: {
metadata.labels = machine.kubernetesNodeLabels;
})
machinesWithKubernetesLabels;
recurringJobs.backup-nfs.spec = {
cron = "0 1 * * *"; # One o'clock at night
@ -74,13 +81,13 @@
concurrency = 1;
};
ipAddressPools.main.spec.addresses = [ "192.168.30.128-192.168.30.200" "2a0d:6e00:1a77:30::2-2a0d:6e00:1a77:30:ffff:ffff:ffff:fffe" ];
l2Advertisements.main.metadata = { };
ipAddressPools.main.spec.addresses = ["192.168.30.128-192.168.30.200" "2a0d:6e00:1a77:30::2-2a0d:6e00:1a77:30:ffff:ffff:ffff:fffe"];
l2Advertisements.main.metadata = {};
persistentVolumes = {
music-syncthing.spec = {
capacity.storage = "1Gi";
accessModes = [ "ReadWriteMany" ];
accessModes = ["ReadWriteMany"];
nfs = {
server = "lewis.dmz";
@ -90,7 +97,7 @@
media-media.spec = {
capacity.storage = "1Gi";
accessModes = [ "ReadWriteMany" ];
accessModes = ["ReadWriteMany"];
nfs = {
server = "lewis.dmz";

18
modules/bootstrap-kube-system/default.nix
View file

@ -1,4 +1,10 @@
{ config, lib, nixhelm, system, ... }: {
{
config,
lib,
nixhelm,
system,
...
}: {
options.bootstrap-kube-system.enable = lib.mkEnableOption "bootstrap-kube-system";
config = lib.mkIf config.bootstrap-kube-system.enable {
@ -29,10 +35,12 @@
server = "https://acme-v02.api.letsencrypt.org/directory";
email = "pim@kunis.nl";
privateKeySecretRef.name = "letsencrypt-private-key";
solvers = [{
selector = { };
http01.ingress.class = "traefik";
}];
solvers = [
{
selector = {};
http01.ingress.class = "traefik";
}
];
};
};
};

7
modules/cyberchef.nix
View file

@ -1,4 +1,9 @@
{ config, lib, globals, ... }: {
{
config,
lib,
globals,
...
}: {
options.cyberchef.enable = lib.mkEnableOption "cyberchef";
config = lib.mkIf config.cyberchef.enable {

9
modules/dnsmasq.nix
View file

@ -1,4 +1,11 @@
{ self, utils, globals, config, lib, ... }: {
{
self,
utils,
globals,
config,
lib,
...
}: {
options.dnsmasq.enable = lib.mkEnableOption "dnsmasq";
config = lib.mkIf config.dnsmasq.enable {

9
modules/forgejo/default.nix
View file

@ -1,9 +1,14 @@
{ lib, config, globals, ... }: {
{
lib,
config,
globals,
...
}: {
options.forgejo.enable = lib.mkEnableOption "forgejo";
config = lib.mkIf config.forgejo.enable {
kubernetes.resources = {
secrets.forgejo.stringData.config = lib.generators.toINI { } (import ./config.nix);
secrets.forgejo.stringData.config = lib.generators.toINI {} (import ./config.nix);
deployments.server.spec = {
selector.matchLabels.app = "forgejo";

17
modules/freshrss.nix
View file

@ -1,4 +1,9 @@
{ config, lib, globals, ... }: {
{
config,
lib,
globals,
...
}: {
options.freshrss.enable = lib.mkEnableOption "freshrss";
config = lib.mkIf config.freshrss.enable {
@ -43,10 +48,12 @@
};
};
volumeMounts = [{
name = "data";
mountPath = "/var/www/FreshRSS/data";
}];
volumeMounts = [
{
name = "data";
mountPath = "/var/www/FreshRSS/data";
}
];
};
volumes.data.persistentVolumeClaim.claimName = "data";

19
modules/hedgedoc.nix
View file

@ -1,9 +1,14 @@
{ config, lib, globals, ... }: {
{
config,
lib,
globals,
...
}: {
options.hedgedoc.enable = lib.mkEnableOption "hedgedoc";
config = lib.mkIf config.hedgedoc.enable {
kubernetes.resources = {
configMaps.hedgedoc-config.data.config = lib.generators.toJSON { } {
configMaps.hedgedoc-config.data.config = lib.generators.toJSON {} {
useSSL = false;
};
@ -106,10 +111,12 @@
};
};
volumeMounts = [{
name = "database";
mountPath = "/pgdata";
}];
volumeMounts = [
{
name = "database";
mountPath = "/pgdata";
}
];
};
volumes.database.persistentVolumeClaim.claimName = "database";

43
modules/immich.nix
View file

@ -1,4 +1,9 @@
{ globals, config, lib, ... }: {
{
globals,
config,
lib,
...
}: {
options.immich.enable = lib.mkEnableOption "immich";
config = lib.mkIf config.immich.enable {
@ -51,10 +56,12 @@
};
};
volumeMounts = [{
name = "data";
mountPath = "/usr/src/app/upload";
}];
volumeMounts = [
{
name = "data";
mountPath = "/usr/src/app/upload";
}
];
};
};
};
@ -90,10 +97,12 @@
ports.ml.containerPort = 3003;
env.MACHINE_LEARNING_WORKER_TIMEOUT.value = "600";
volumeMounts = [{
name = "cache";
mountPath = "/cache";
}];
volumeMounts = [
{
name = "cache";
mountPath = "/cache";
}
];
};
};
};
@ -157,8 +166,8 @@
containers.postgres = {
image = globals.images.immich-postgres;
imagePullPolicy = "IfNotPresent";
command = [ "postgres" ];
args = [ "-c" "shared_preload_libraries=vectors.so" "-c" "search_path=\"$$user\", public, vectors" "-c" "logging_collector=on" "-c" "max_wal_size=2GB" "-c" "shared_buffers=512MB" "-c" "wal_compression=on" ];
command = ["postgres"];
args = ["-c" "shared_preload_libraries=vectors.so" "-c" "search_path=\"$$user\", public, vectors" "-c" "logging_collector=on" "-c" "max_wal_size=2GB" "-c" "shared_buffers=512MB" "-c" "wal_compression=on"];
ports.postgres.containerPort = 5432;
securityContext.runAsUser = 999;
securityContext.runAsGroup = 999;
@ -175,10 +184,12 @@
};
};
volumeMounts = [{
name = "data";
mountPath = "/pgdata";
}];
volumeMounts = [
{
name = "data";
mountPath = "/pgdata";
}
];
};
};
};
@ -239,7 +250,7 @@
};
persistentVolumeClaims.cache.spec = {
accessModes = [ "ReadWriteOnce" ];
accessModes = ["ReadWriteOnce"];
resources.requests.storage = "5Gi";
};
};

9
modules/inbucket.nix
View file

@ -1,9 +1,14 @@
{ globals, config, lib, ... }: {
{
globals,
config,
lib,
...
}: {
options.inbucket.enable = lib.mkEnableOption "inbucket";
config = lib.mkIf config.inbucket.enable {
kubernetes.resources = {
serviceAccounts.inbucket = { };
serviceAccounts.inbucket = {};
deployments.inbucket.spec = {
selector.matchLabels.app = "inbucket";

53
modules/ingress.nix
View file

@ -1,6 +1,9 @@
{ lib, config, ... }:
let
ingressOpts = { name, ... }: {
{
lib,
config,
...
}: let
ingressOpts = {name, ...}: {
options = {
host = lib.mkOption {
type = lib.types.str;
@ -22,17 +25,17 @@ let
};
};
};
in
{
in {
options = {
lab.ingresses = lib.mkOption {
type = with lib.types; attrsOf (submodule ingressOpts);
default = { };
default = {};
};
};
config = {
kubernetes.resources.ingresses = builtins.mapAttrs
kubernetes.resources.ingresses =
builtins.mapAttrs
(name: ingress: {
metadata.annotations = {
"cert-manager.io/cluster-issuer" = "letsencrypt";
@ -42,24 +45,30 @@ in
spec = {
ingressClassName = "traefik";
rules = [{
host = ingress.host;
rules = [
{
host = ingress.host;
http.paths = [{
path = "/";
pathType = "Prefix";
http.paths = [
{
path = "/";
pathType = "Prefix";
backend.service = {
name = ingress.service.name;
port.name = ingress.service.portName;
};
}];
}];
backend.service = {
name = ingress.service.name;
port.name = ingress.service.portName;
};
}
];
}
];
tls = [{
secretName = "${name}-tls";
hosts = [ ingress.host ];
}];
tls = [
{
secretName = "${name}-tls";
hosts = [ingress.host];
}
];
};
})
config.lab.ingresses;

17
modules/kitchenowl.nix
View file

@ -1,4 +1,9 @@
{ lib, globals, config, ... }: {
{
lib,
globals,
config,
...
}: {
options.kitchenowl.enable = lib.mkEnableOption "kitchenowl";
config = lib.mkIf config.kitchenowl.enable {
@ -33,10 +38,12 @@
key = "jwtSecretKey";
};
volumeMounts = [{
name = "data";
mountPath = "/data";
}];
volumeMounts = [
{
name = "data";
mountPath = "/data";
}
];
};
securityContext = {

7
modules/kms.nix
View file

@ -1,4 +1,9 @@
{ config, globals, lib, ... }: {
{
config,
globals,
lib,
...
}: {
options.kms.enable = lib.mkEnableOption "kms";
config = lib.mkIf config.kms.enable {

56
modules/longhorn-volume.nix
View file

@ -1,6 +1,9 @@
{ lib, config, ... }:
let
longhornVolumeOpts = { name, ... }: {
{
lib,
config,
...
}: let
longhornVolumeOpts = {name, ...}: {
options = {
storage = lib.mkOption {
type = lib.types.str;
@ -13,7 +16,7 @@ let
};
};
longhornPVOpts = { name, ... }: {
longhornPVOpts = {name, ...}: {
options = {
storage = lib.mkOption {
type = lib.types.str;
@ -21,7 +24,7 @@ let
};
};
longhornPVCOpts = { name, ... }: {
longhornPVCOpts = {name, ...}: {
options = {
volumeName = lib.mkOption {
type = lib.types.str;
@ -34,34 +37,34 @@ let
};
};
};
in
{
in {
options = {
lab.longhornVolumes = lib.mkOption {
type = with lib.types; attrsOf (submodule longhornVolumeOpts);
default = { };
default = {};
};
lab.longhorn = {
persistentVolume = lib.mkOption {
type = with lib.types; attrsOf (submodule longhornPVOpts);
default = { };
default = {};
};
persistentVolumeClaim = lib.mkOption {
type = with lib.types; attrsOf (submodule longhornPVCOpts);
default = { };
default = {};
};
};
};
config = {
kubernetes.resources = {
persistentVolumes = lib.mergeAttrs
persistentVolumes =
lib.mergeAttrs
(builtins.mapAttrs
(name: longhornVolume: {
spec = {
accessModes = [ "ReadWriteOnce" ];
accessModes = ["ReadWriteOnce"];
capacity.storage = longhornVolume.storage;
persistentVolumeReclaimPolicy = "Delete";
volumeMode = "Filesystem";
@ -84,10 +87,12 @@ in
staleReplicaTimeout = "30";
unmapMarkSnapChainRemoved = "ignored";
recurringJobSelector = lib.generators.toYAML { } [{
name = "backup-nfs";
isGroup = false;
}];
recurringJobSelector = lib.generators.toYAML {} [
{
name = "backup-nfs";
isGroup = false;
}
];
};
};
};
@ -96,7 +101,7 @@ in
(builtins.mapAttrs
(name: longhornPV: {
spec = {
accessModes = [ "ReadWriteOnce" ];
accessModes = ["ReadWriteOnce"];
capacity.storage = longhornPV.storage;
persistentVolumeReclaimPolicy = "Delete";
volumeMode = "Filesystem";
@ -114,21 +119,24 @@ in
staleReplicaTimeout = "30";
unmapMarkSnapChainRemoved = "ignored";
recurringJobSelector = lib.generators.toYAML { } [{
name = "backup-nfs";
isGroup = false;
}];
recurringJobSelector = lib.generators.toYAML {} [
{
name = "backup-nfs";
isGroup = false;
}
];
};
};
};
})
config.lab.longhorn.persistentVolume);
persistentVolumeClaims = lib.mergeAttrs
persistentVolumeClaims =
lib.mergeAttrs
(builtins.mapAttrs
(name: longhornVolume: {
spec = {
accessModes = [ "ReadWriteOnce" ];
accessModes = ["ReadWriteOnce"];
resources.requests.storage = longhornVolume.storage;
storageClassName = "";
};
@ -137,7 +145,7 @@ in
(builtins.mapAttrs
(name: longhornPVC: {
spec = {
accessModes = [ "ReadWriteOnce" ];
accessModes = ["ReadWriteOnce"];
resources.requests.storage = longhornPVC.storage;
storageClassName = "";
volumeName = longhornPVC.volumeName;

49
modules/media.nix
View file

@ -1,4 +1,9 @@
{ globals, config, lib, ... }: {
{
globals,
config,
lib,
...
}: {
options.media.enable = lib.mkEnableOption "media";
config = lib.mkIf config.media.enable {
@ -64,13 +69,17 @@
fsGroupChangePolicy = "OnRootMismatch";
};
affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms = [{
matchExpressions = [{
key = "hasMedia";
operator = "In";
values = [ "true" ];
}];
}];
affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms = [
{
matchExpressions = [
{
key = "hasMedia";
operator = "In";
values = ["true"];
}
];
}
];
};
};
};
@ -167,10 +176,12 @@
TZ.value = "Europe/Amsterdam";
};
volumeMounts = [{
name = "config";
mountPath = "/app/config";
}];
volumeMounts = [
{
name = "config";
mountPath = "/app/config";
}
];
};
securityContext = {
@ -274,10 +285,12 @@
TZ.value = "Europe/Amsterdam";
};
volumeMounts = [{
name = "config";
mountPath = "/config";
}];
volumeMounts = [
{
name = "config";
mountPath = "/config";
}
];
};
securityContext = {
@ -518,12 +531,12 @@
persistentVolumeClaims = {
jellyfin-cache.spec = {
accessModes = [ "ReadWriteOnce" ];
accessModes = ["ReadWriteOnce"];
resources.requests.storage = "20Gi";
};
media.spec = {
accessModes = [ "ReadWriteMany" ];
accessModes = ["ReadWriteMany"];
storageClassName = "";
resources.requests.storage = "1Mi";
volumeName = "media-media";

17
modules/minecraft.nix
View file

@ -1,4 +1,9 @@
{ lib, config, globals, ... }: {
{
lib,
config,
globals,
...
}: {
options.minecraft.enable = lib.mkEnableOption "minecraft";
config = lib.mkIf config.minecraft.enable {
@ -18,10 +23,12 @@
env.EULA.value = "TRUE";
volumeMounts = [{
name = "data";
mountPath = "/data";
}];
volumeMounts = [
{
name = "data";
mountPath = "/data";
}
];
};
securityContext = {

47
modules/nextcloud.nix
View file

@ -1,4 +1,9 @@
{ lib, config, globals, ... }: {
{
lib,
config,
globals,
...
}: {
options.nextcloud.enable = lib.mkEnableOption "nextcloud";
config = lib.mkIf config.nextcloud.enable {
@ -45,10 +50,12 @@
};
};
volumeMounts = [{
name = "data";
mountPath = "/var/www/html";
}];
volumeMounts = [
{
name = "data";
mountPath = "/var/www/html";
}
];
};
securityContext = {
@ -56,14 +63,18 @@
fsGroupChangePolicy = "OnRootMismatch";
};
affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution = [{
weight = 1;
preference.matchExpressions = [{
key = "storageType";
operator = "In";
values = [ "fast" ];
}];
}];
affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution = [
{
weight = 1;
preference.matchExpressions = [
{
key = "storageType";
operator = "In";
values = ["fast"];
}
];
}
];
};
};
};
@ -97,10 +108,12 @@
};
};
volumeMounts = [{
name = "database";
mountPath = "/pgdata";
}];
volumeMounts = [
{
name = "database";
mountPath = "/pgdata";
}
];
};
volumes.database.persistentVolumeClaim.claimName = "database";

15
modules/ntfy.nix
View file

@ -1,9 +1,14 @@
{ lib, config, globals, ... }: {
{
lib,
config,
globals,
...
}: {
options.ntfy.enable = lib.mkEnableOption "ntfy";
config = lib.mkIf config.ntfy.enable {
kubernetes.resources = {
configMaps.ntfy.data.config = lib.generators.toYAML { } {
configMaps.ntfy.data.config = lib.generators.toYAML {} {
base-url = "https://ntfy.kun.is";
cache-file = "/var/cache/ntfy/cache.db";
cache-duration = "14d";
@ -35,7 +40,7 @@
image = globals.images.ntfy;
ports.web.containerPort = 80;
env.TZ.value = "Europe/Amsterdam";
args = [ "serve" ];
args = ["serve"];
volumeMounts = [
{
@ -70,12 +75,12 @@
persistentVolumeClaims = {
cache.spec = {
accessModes = [ "ReadWriteOnce" ];
accessModes = ["ReadWriteOnce"];
resources.requests.storage = "300Mi";
};
attachment-cache.spec = {
accessModes = [ "ReadWriteOnce" ];
accessModes = ["ReadWriteOnce"];
resources.requests.storage = "500Mi";
};
};

37
modules/paperless.nix
View file

@ -1,4 +1,9 @@
{ globals, lib, config, ... }: {
{
globals,
lib,
config,
...
}: {
options.paperless.enable = lib.mkEnableOption "paperless";
config = lib.mkIf config.paperless.enable {
@ -64,10 +69,12 @@
};
};
volumeMounts = [{
name = "data";
mountPath = "/data";
}];
volumeMounts = [
{
name = "data";
mountPath = "/data";
}
];
};
securityContext = {
@ -107,10 +114,12 @@
ports.redis.containerPort = 6379;
imagePullPolicy = "IfNotPresent";
volumeMounts = [{
name = "data";
mountPath = "/data";
}];
volumeMounts = [
{
name = "data";
mountPath = "/data";
}
];
};
securityContext = {
@ -159,10 +168,12 @@
};
};
volumeMounts = [{
name = "data";
mountPath = "/pgdata";
}];
volumeMounts = [
{
name = "data";
mountPath = "/pgdata";
}
];
};
volumes.data.persistentVolumeClaim.claimName = "database";

7
modules/pihole.nix
View file

@ -1,4 +1,9 @@
{ globals, config, lib, ... }: {
{
globals,
config,
lib,
...
}: {
options.pihole.enable = lib.mkEnableOption "pihole";
config = lib.mkIf config.pihole.enable {

13
modules/radicale.nix
View file

@ -1,4 +1,9 @@
{ config, lib, globals, ... }: {
{
config,
lib,
globals,
...
}: {
options.radicale.enable = lib.mkEnableOption "radicale";
config = lib.mkIf config.radicale.enable {
@ -6,7 +11,7 @@
configMaps.server.data = {
users = "pim:$apr1$GUiTihkS$dDCkaUxFx/O86m6NCy/yQ.";
config = lib.generators.toINI { } {
config = lib.generators.toINI {} {
server = {
hosts = "0.0.0.0:5232, [::]:5232";
ssl = false;
@ -31,8 +36,8 @@
filesystem_folder = "/data";
};
logging = { };
headers = { };
logging = {};
headers = {};
};
};

11
modules/syncthing.nix
View file

@ -1,9 +1,14 @@
{ globals, config, lib, ... }: {
{
globals,
config,
lib,
...
}: {
options.syncthing.enable = lib.mkEnableOption "syncthing";
config = lib.mkIf config.syncthing.enable {
kubernetes.resources = {
serviceAccounts.syncthing = { };
serviceAccounts.syncthing = {};
deployments.syncthing.spec = {
selector.matchLabels.app = "syncthing";
@ -71,7 +76,7 @@
};
persistentVolumeClaims.music.spec = {
accessModes = [ "ReadWriteMany" ];
accessModes = ["ReadWriteMany"];
storageClassName = "";
resources.requests.storage = "1Mi";
volumeName = "music-syncthing";

65
modules/tailscale-ingress.nix
View file

@ -1,12 +1,16 @@
{ lib, config, ... }: {
{
lib,
config,
...
}: {
options = with lib.types; {
lab.tailscaleIngresses = lib.mkOption {
type = attrsOf (submodule {
options = {
host = lib.mkOption { type = str; };
host = lib.mkOption {type = str;};
service = {
name = lib.mkOption { type = str; };
name = lib.mkOption {type = str;};
portName = lib.mkOption {
type = str;
@ -16,37 +20,44 @@
};
});
default = { };
default = {};
};
};
config =
let
cfg = config.lab.tailscaleIngresses;
config = let
cfg = config.lab.tailscaleIngresses;
mkTailscaleIngress = name: { host, service }: {
spec = {
ingressClassName = "tailscale";
mkTailscaleIngress = name: {
host,
service,
}: {
spec = {
ingressClassName = "tailscale";
rules = [{
http.paths = [{
path = "/";
pathType = "Prefix";
rules = [
{
http.paths = [
{
path = "/";
pathType = "Prefix";
backend.service = {
name = service.name;
port.name = service.portName;
};
}];
}];
backend.service = {
name = service.name;
port.name = service.portName;
};
}
];
}
];
tls = [{
hosts = [ host ];
}];
};
tls = [
{
hosts = [host];
}
];
};
in
{
kubernetes.resources.ingresses = builtins.mapAttrs mkTailscaleIngress cfg;
};
in {
kubernetes.resources.ingresses = builtins.mapAttrs mkTailscaleIngress cfg;
};
}

8
modules/tailscale.nix
View file

@ -1,4 +1,10 @@
{ nixhelm, system, config, lib, ... }: {
{
nixhelm,
system,
config,
lib,
...
}: {
options.tailscale.enable = lib.mkEnableOption "tailscale";
config = lib.mkIf config.tailscale.enable {

11
modules/traefik.nix
View file

@ -1,4 +1,9 @@
{ lib, globals, config, ... }: {
{
lib,
globals,
config,
...
}: {
options.traefik.enable = lib.mkEnableOption "traefik";
config = lib.mkIf config.traefik.enable {
@ -8,7 +13,7 @@
# Override Traefik's service with a static load balancer IP.
# Create endpoint for HTTPS on port 444.
# Allow external name services for servers in LAN.
spec.valuesContent = lib.generators.toYAML { } {
spec.valuesContent = lib.generators.toYAML {} {
providers.kubernetesIngress.allowExternalNameServices = true;
service.loadBalancerIP = globals.traefikIPv4;
@ -23,7 +28,7 @@
enabled = true;
options = "";
certResolver = "";
domains = [ ];
domains = [];
};
};