Format repo

Pim Kunis 2024-10-28 16:05:06 +01:00
parent 3169149045
commit 8160b9da0b
37 changed files with 643 additions and 392 deletions


@ -3,7 +3,7 @@
"blog-pim": { "blog-pim": {
"inputs": { "inputs": {
"flutils": [ "flutils": [
"flutils" "flake-utils"
], ],
"nginx": "nginx", "nginx": "nginx",
"nixpkgs": [ "nixpkgs": [
@ -89,7 +89,7 @@
}, },
"dns_2": { "dns_2": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_4", "flake-utils": "flake-utils_5",
"nixpkgs": [ "nixpkgs": [
"servers", "servers",
"nixpkgs" "nixpkgs"
@ -227,6 +227,24 @@
} }
}, },
"flake-utils_2": { "flake-utils_2": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": { "inputs": {
"systems": "systems_3" "systems": "systems_3"
}, },
@ -243,7 +261,7 @@
"type": "indirect" "type": "indirect"
} }
}, },
"flake-utils_3": { "flake-utils_4": {
"inputs": { "inputs": {
"systems": "systems_4" "systems": "systems_4"
}, },
@ -261,7 +279,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_4": { "flake-utils_5": {
"locked": { "locked": {
"lastModified": 1614513358, "lastModified": 1614513358,
"narHash": "sha256-LakhOx3S1dRjnh0b5Dg3mbZyH0ToC9I8Y2wKSkBaTzU=", "narHash": "sha256-LakhOx3S1dRjnh0b5Dg3mbZyH0ToC9I8Y2wKSkBaTzU=",
@ -276,7 +294,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_5": { "flake-utils_6": {
"inputs": { "inputs": {
"systems": "systems_7" "systems": "systems_7"
}, },
@ -294,24 +312,6 @@
"type": "github" "type": "github"
} }
}, },
"flutils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": { "gitignore": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -480,7 +480,7 @@
}, },
"nixhelm": { "nixhelm": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_3",
"haumea": "haumea", "haumea": "haumea",
"nix-kube-generators": "nix-kube-generators", "nix-kube-generators": "nix-kube-generators",
"nixpkgs": [ "nixpkgs": [
@ -675,7 +675,7 @@
}, },
"poetry2nix": { "poetry2nix": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_4",
"nix-github-actions": "nix-github-actions", "nix-github-actions": "nix-github-actions",
"nixpkgs": [ "nixpkgs": [
"nixhelm", "nixhelm",
@ -725,7 +725,7 @@
"inputs": { "inputs": {
"blog-pim": "blog-pim", "blog-pim": "blog-pim",
"dns": "dns", "dns": "dns",
"flutils": "flutils", "flake-utils": "flake-utils_2",
"kubenix": "kubenix", "kubenix": "kubenix",
"nixhelm": "nixhelm", "nixhelm": "nixhelm",
"nixng": "nixng", "nixng": "nixng",
@ -740,7 +740,7 @@
"deploy-rs": "deploy-rs", "deploy-rs": "deploy-rs",
"disko": "disko", "disko": "disko",
"dns": "dns_2", "dns": "dns_2",
"flake-utils": "flake-utils_5", "flake-utils": "flake-utils_6",
"kubenix": "kubenix_2", "kubenix": "kubenix_2",
"nix-snapshotter": "nix-snapshotter", "nix-snapshotter": "nix-snapshotter",
"nixng": "nixng_2", "nixng": "nixng_2",


@ -3,7 +3,7 @@
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
flutils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
treefmt-nix.url = "github:numtide/treefmt-nix"; treefmt-nix.url = "github:numtide/treefmt-nix";
pre-commit-hooks = { pre-commit-hooks = {
@ -21,7 +21,7 @@
url = "git+https://git.kun.is/home/blog-pim?rev=7296f7f5bf5f089a5137036dcbd8058cf3e4a9e5"; url = "git+https://git.kun.is/home/blog-pim?rev=7296f7f5bf5f089a5137036dcbd8058cf3e4a9e5";
inputs = { inputs = {
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
flutils.follows = "flutils"; flutils.follows = "flake-utils";
}; };
}; };
@ -46,10 +46,11 @@
}; };
}; };
outputs = inputs @ {flutils, ...}: outputs = inputs @ {flake-utils, ...}:
flutils.lib.meld inputs [ flake-utils.lib.meld inputs [
./kubenix.nix ./kubenix.nix
./scripts ./scripts
./globals.nix ./globals.nix
./formatter.nix
]; ];
} }
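Review bot: The rename of the `flutils` input to `flake-utils` and the new `./formatter.nix` entry in the `meld` list are functional changes inside a commit titled "Format repo", which makes them easy to miss among the whitespace-only hunks. As far as the flake.lock section shows, the renamed node keeps the same `rev` and `narHash`, so the pin itself looks unchanged. In the `blog-pim` block the left-hand name stays `flutils` while only the target changes, which reads like a missed rename; a comment on that line such as `# blog-pim's own flake names this input "flutils"` (presumably the reason, going by the lock file) would make the intent clear. `formatter.nix` is not visible in this part of the page, so its contents were not reviewed here.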


@ -1,5 +1,4 @@
{ servers, ... }: {servers, ...}: let
let
globals = { globals = {
images = { images = {
jellyfin = "jellyfin/jellyfin:10.10.0"; jellyfin = "jellyfin/jellyfin:10.10.0";
@ -34,7 +33,6 @@ let
minecraft = "itzg/minecraft-server:latest"; minecraft = "itzg/minecraft-server:latest";
}; };
}; };
in in {
{
globals = globals // servers.globals; globals = globals // servers.globals;
} }
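Review bot: `minecraft = "itzg/minecraft-server:latest";` in the `images` set uses a mutable tag, so the manifest generated from this file does not determine which image the cluster pulls, unlike the `jellyfin/jellyfin:10.10.0` entry at the top of the set. The line is context here and is not changed by this commit, and the entries between the two hunks are not visible. Pinning to a release tag, ideally with a digest, keeps deployments reproducible and turns an upstream image change into an explicit diff: `minecraft = "itzg/minecraft-server:<version>@sha256:<digest>";` (placeholders).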


@ -1,4 +1,8 @@
{ nixpkgs, nglib, ... }: {
nixpkgs,
nglib,
...
}:
nglib.makeSystem { nglib.makeSystem {
inherit nixpkgs; inherit nixpkgs;
system = "x86_64-linux"; system = "x86_64-linux";


@ -1,4 +1,9 @@
{ globals, nixpkgs, nglib, ... }: {
globals,
nixpkgs,
nglib,
...
}:
nglib.makeSystem { nglib.makeSystem {
inherit nixpkgs; inherit nixpkgs;
system = "x86_64-linux"; system = "x86_64-linux";


@ -1,6 +1,13 @@
inputs@{ self, servers, flutils, nixpkgs, kubenix, ... }: flutils.lib.eachDefaultSystem inputs @ {
(system: self,
let servers,
flake-utils,
nixpkgs,
kubenix,
...
}:
flake-utils.lib.eachDefaultSystem
(system: let
pkgs = nixpkgs.legacyPackages.${system}; pkgs = nixpkgs.legacyPackages.${system};
lib = pkgs.lib; lib = pkgs.lib;
deployScript = (pkgs.writeScriptBin "applyset-deploy.sh" (builtins.readFile ./applyset-deploy.sh)).overrideAttrs (old: { deployScript = (pkgs.writeScriptBin "applyset-deploy.sh" (builtins.readFile ./applyset-deploy.sh)).overrideAttrs (old: {
@ -9,7 +16,8 @@ inputs@{ self, servers, flutils, nixpkgs, kubenix, ... }: flutils.lib.eachDefaul
machines = servers.machines.${system}; machines = servers.machines.${system};
mkKubernetes = name: module: namespace: (kubenix.evalModules.${system} { mkKubernetes = name: module: namespace:
(kubenix.evalModules.${system} {
specialArgs = { specialArgs = {
inherit namespace system machines self; inherit namespace system machines self;
inherit (inputs) nixhelm blog-pim dns nixpkgs nixng; inherit (inputs) nixhelm blog-pim dns nixpkgs nixng;
@ -22,8 +30,7 @@ inputs@{ self, servers, flutils, nixpkgs, kubenix, ... }: flutils.lib.eachDefaul
}; };
}; };
module = { kubenix, ... }: module = {kubenix, ...}: {
{
imports = [ imports = [
kubenix.modules.k8s kubenix.modules.k8s
kubenix.modules.helm kubenix.modules.helm
@ -36,20 +43,28 @@ inputs@{ self, servers, flutils, nixpkgs, kubenix, ... }: flutils.lib.eachDefaul
kubernetes.namespace = namespace; kubernetes.namespace = namespace;
}; };
}; };
}).config.kubernetes; })
.config
.kubernetes;
mkManifest = name: { module, namespace }: { mkManifest = name: {
module,
namespace,
}: {
name = "${name}-manifest"; name = "${name}-manifest";
value = (mkKubernetes name module namespace).result; value = (mkKubernetes name module namespace).result;
}; };
mkDeployApp = name: { module, namespace }: mkDeployApp = name: {
let module,
namespace,
}: let
kubernetes = mkKubernetes name module namespace; kubernetes = mkKubernetes name module namespace;
kubeconfig = kubernetes.kubeconfig or ""; kubeconfig = kubernetes.kubeconfig or "";
result = kubernetes.result or ""; result = kubernetes.result or "";
wrappedDeployScript = pkgs.symlinkJoin wrappedDeployScript =
pkgs.symlinkJoin
{ {
name = "applyset-deploy.sh"; name = "applyset-deploy.sh";
paths = [deployScript pkgs.vals pkgs.kubectl]; paths = [deployScript pkgs.vals pkgs.kubectl];
@ -57,13 +72,15 @@ inputs@{ self, servers, flutils, nixpkgs, kubenix, ... }: flutils.lib.eachDefaul
passthru.manifest = result; passthru.manifest = result;
meta.mainProgram = "applyset-deploy.sh"; meta.mainProgram = "applyset-deploy.sh";
postBuild = postBuild = let
let
# HACK: create normal way of checking if server runs k8s # HACK: create normal way of checking if server runs k8s
k8sMachines = lib.filterAttrs (n: m: m.kubernetesNodeLabels != null) machines; k8sMachines = lib.filterAttrs (n: m: m.kubernetesNodeLabels != null) machines;
k8sServerNames = builtins.concatStringsSep " " (builtins.attrNames k8sMachines); k8sServerNames = builtins.concatStringsSep " " (builtins.attrNames k8sMachines);
in in
/* bash */ '' /*
bash
*/
''
wrapProgram $out/bin/applyset-deploy.sh \ wrapProgram $out/bin/applyset-deploy.sh \
--suffix PATH : "$out/bin" \ --suffix PATH : "$out/bin" \
--run 'export KUBECONFIG=''${KUBECONFIG:-${toString kubeconfig}}' \ --run 'export KUBECONFIG=''${KUBECONFIG:-${toString kubeconfig}}' \
@ -75,14 +92,12 @@ inputs@{ self, servers, flutils, nixpkgs, kubenix, ... }: flutils.lib.eachDefaul
--set GCROOTDIR '/nix/var/nix/gcroots/kubernetes-manifests' --set GCROOTDIR '/nix/var/nix/gcroots/kubernetes-manifests'
''; '';
}; };
in in {
{
name = "${name}-deploy"; name = "${name}-deploy";
value = wrappedDeployScript; value = wrappedDeployScript;
}; };
deployments = import ./deployments.nix; deployments = import ./deployments.nix;
in in {
{
packages = pkgs.lib.mergeAttrs (pkgs.lib.mapAttrs' mkDeployApp deployments) (pkgs.lib.mapAttrs' mkManifest deployments); packages = pkgs.lib.mergeAttrs (pkgs.lib.mapAttrs' mkDeployApp deployments) (pkgs.lib.mapAttrs' mkManifest deployments);
}) })
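Review bot: In `mkDeployApp`, `kubeconfig = kubernetes.kubeconfig or "";` feeds the wrapper line `--run 'export KUBECONFIG=''${KUBECONFIG:-${toString kubeconfig}}'`, so when neither the environment nor the module supplies a value the script runs with an empty `KUBECONFIG`, and kubectl then falls back to the operator's default config and current context. Unless `applyset-deploy.sh` checks this itself (the script and the wrapper lines between the hunks are not visible here), a deployment could be applied to an unintended cluster. A guard after the export would make the wrapper fail closed, for example a second `--run ': "''${KUBECONFIG:?no kubeconfig configured for this deployment}"'`. These lines are context; the commit only reformats around them.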


@ -1,4 +1,11 @@
{ self, utils, lib, config, globals, ... }: { {
self,
utils,
lib,
config,
globals,
...
}: {
options.attic.enable = lib.mkEnableOption "attic"; options.attic.enable = lib.mkEnableOption "attic";
config = lib.mkIf config.attic.enable { config = lib.mkIf config.attic.enable {
@ -50,10 +57,12 @@
}; };
}; };
volumeMounts = [{ volumeMounts = [
{
name = "data"; name = "data";
mountPath = "/var/lib/atticd/storage"; mountPath = "/var/lib/atticd/storage";
}]; }
];
}; };
volumes = { volumes = {
@ -98,10 +107,12 @@
}; };
}; };
volumeMounts = [{ volumeMounts = [
{
name = "data"; name = "data";
mountPath = "/pgdata"; mountPath = "/pgdata";
}]; }
];
}; };
volumes.data.persistentVolumeClaim.claimName = "database"; volumes.data.persistentVolumeClaim.claimName = "database";


@ -1,4 +1,9 @@
{ config, globals, lib, ... }: { {
config,
globals,
lib,
...
}: {
options.atuin.enable = lib.mkEnableOption "atuin"; options.atuin.enable = lib.mkEnableOption "atuin";
config = lib.mkIf config.atuin.enable { config = lib.mkIf config.atuin.enable {
@ -47,10 +52,12 @@
}; };
}; };
volumeMounts = [{ volumeMounts = [
{
name = "data"; name = "data";
mountPath = "/config"; mountPath = "/config";
}]; }
];
}; };
database = { database = {
@ -67,10 +74,12 @@
}; };
}; };
volumeMounts = [{ volumeMounts = [
{
name = "database"; name = "database";
mountPath = "/var/lib/postgresql/data"; mountPath = "/var/lib/postgresql/data";
}]; }
];
}; };
}; };
}; };


@ -1,8 +1,12 @@
{ config, lib, globals, dns, ... }:
let
kunisZone = dns.lib.toString "kun.is" (import ./kun.is.zone.nix globals dns);
in
{ {
config,
lib,
globals,
dns,
...
}: let
kunisZone = dns.lib.toString "kun.is" (import ./kun.is.zone.nix globals dns);
in {
options.bind9.enable = lib.mkEnableOption "bind9"; options.bind9.enable = lib.mkEnableOption "bind9";
config = lib.mkIf config.bind9.enable { config = lib.mkIf config.bind9.enable {
@ -99,10 +103,12 @@ in
}; };
}; };
volumes = [{ volumes = [
{
name = "config"; name = "config";
configMap.name = "bind9-config"; configMap.name = "bind9-config";
}]; }
];
}; };
}; };
}; };


@ -1,4 +1,5 @@
globals: dns: with dns.lib.combinators; { globals: dns:
with dns.lib.combinators; {
CAA = letsEncrypt "caa@kun.is"; CAA = letsEncrypt "caa@kun.is";
SOA = { SOA = {


@ -1,4 +1,9 @@
{ blog-pim, lib, config, ... }: { {
blog-pim,
lib,
config,
...
}: {
options.blog.enable = lib.mkEnableOption "blog"; options.blog.enable = lib.mkEnableOption "blog";
config = lib.mkIf config.blog.enable { config = lib.mkIf config.blog.enable {


@ -1,4 +1,12 @@
{ config, lib, nixhelm, system, globals, machines, ... }: { {
config,
lib,
nixhelm,
system,
globals,
machines,
...
}: {
options.bootstrap-default.enable = lib.mkEnableOption "bootstrap-default"; options.bootstrap-default.enable = lib.mkEnableOption "bootstrap-default";
config = lib.mkIf config.bootstrap-default.enable { config = lib.mkIf config.bootstrap-default.enable {
@ -57,8 +65,7 @@
ntfy = {}; ntfy = {};
}; };
nodes = nodes = let
let
machinesWithKubernetesLabels = lib.filterAttrs (name: machine: machine.kubernetesNodeLabels != null) machines; machinesWithKubernetesLabels = lib.filterAttrs (name: machine: machine.kubernetesNodeLabels != null) machines;
in in
builtins.mapAttrs builtins.mapAttrs


@ -1,4 +1,10 @@
{ config, lib, nixhelm, system, ... }: { {
config,
lib,
nixhelm,
system,
...
}: {
options.bootstrap-kube-system.enable = lib.mkEnableOption "bootstrap-kube-system"; options.bootstrap-kube-system.enable = lib.mkEnableOption "bootstrap-kube-system";
config = lib.mkIf config.bootstrap-kube-system.enable { config = lib.mkIf config.bootstrap-kube-system.enable {
@ -29,10 +35,12 @@
server = "https://acme-v02.api.letsencrypt.org/directory"; server = "https://acme-v02.api.letsencrypt.org/directory";
email = "pim@kunis.nl"; email = "pim@kunis.nl";
privateKeySecretRef.name = "letsencrypt-private-key"; privateKeySecretRef.name = "letsencrypt-private-key";
solvers = [{ solvers = [
{
selector = {}; selector = {};
http01.ingress.class = "traefik"; http01.ingress.class = "traefik";
}]; }
];
}; };
}; };
}; };


@ -1,4 +1,9 @@
{ config, lib, globals, ... }: { {
config,
lib,
globals,
...
}: {
options.cyberchef.enable = lib.mkEnableOption "cyberchef"; options.cyberchef.enable = lib.mkEnableOption "cyberchef";
config = lib.mkIf config.cyberchef.enable { config = lib.mkIf config.cyberchef.enable {


@ -1,4 +1,11 @@
{ self, utils, globals, config, lib, ... }: { {
self,
utils,
globals,
config,
lib,
...
}: {
options.dnsmasq.enable = lib.mkEnableOption "dnsmasq"; options.dnsmasq.enable = lib.mkEnableOption "dnsmasq";
config = lib.mkIf config.dnsmasq.enable { config = lib.mkIf config.dnsmasq.enable {


@ -1,4 +1,9 @@
{ lib, config, globals, ... }: { {
lib,
config,
globals,
...
}: {
options.forgejo.enable = lib.mkEnableOption "forgejo"; options.forgejo.enable = lib.mkEnableOption "forgejo";
config = lib.mkIf config.forgejo.enable { config = lib.mkIf config.forgejo.enable {


@ -1,4 +1,9 @@
{ config, lib, globals, ... }: { {
config,
lib,
globals,
...
}: {
options.freshrss.enable = lib.mkEnableOption "freshrss"; options.freshrss.enable = lib.mkEnableOption "freshrss";
config = lib.mkIf config.freshrss.enable { config = lib.mkIf config.freshrss.enable {
@ -43,10 +48,12 @@
}; };
}; };
volumeMounts = [{ volumeMounts = [
{
name = "data"; name = "data";
mountPath = "/var/www/FreshRSS/data"; mountPath = "/var/www/FreshRSS/data";
}]; }
];
}; };
volumes.data.persistentVolumeClaim.claimName = "data"; volumes.data.persistentVolumeClaim.claimName = "data";


@ -1,4 +1,9 @@
{ config, lib, globals, ... }: { {
config,
lib,
globals,
...
}: {
options.hedgedoc.enable = lib.mkEnableOption "hedgedoc"; options.hedgedoc.enable = lib.mkEnableOption "hedgedoc";
config = lib.mkIf config.hedgedoc.enable { config = lib.mkIf config.hedgedoc.enable {
@ -106,10 +111,12 @@
}; };
}; };
volumeMounts = [{ volumeMounts = [
{
name = "database"; name = "database";
mountPath = "/pgdata"; mountPath = "/pgdata";
}]; }
];
}; };
volumes.database.persistentVolumeClaim.claimName = "database"; volumes.database.persistentVolumeClaim.claimName = "database";


@ -1,4 +1,9 @@
{ globals, config, lib, ... }: { {
globals,
config,
lib,
...
}: {
options.immich.enable = lib.mkEnableOption "immich"; options.immich.enable = lib.mkEnableOption "immich";
config = lib.mkIf config.immich.enable { config = lib.mkIf config.immich.enable {
@ -51,10 +56,12 @@
}; };
}; };
volumeMounts = [{ volumeMounts = [
{
name = "data"; name = "data";
mountPath = "/usr/src/app/upload"; mountPath = "/usr/src/app/upload";
}]; }
];
}; };
}; };
}; };
@ -90,10 +97,12 @@
ports.ml.containerPort = 3003; ports.ml.containerPort = 3003;
env.MACHINE_LEARNING_WORKER_TIMEOUT.value = "600"; env.MACHINE_LEARNING_WORKER_TIMEOUT.value = "600";
volumeMounts = [{ volumeMounts = [
{
name = "cache"; name = "cache";
mountPath = "/cache"; mountPath = "/cache";
}]; }
];
}; };
}; };
}; };
@ -175,10 +184,12 @@
}; };
}; };
volumeMounts = [{ volumeMounts = [
{
name = "data"; name = "data";
mountPath = "/pgdata"; mountPath = "/pgdata";
}]; }
];
}; };
}; };
}; };


@ -1,4 +1,9 @@
{ globals, config, lib, ... }: { {
globals,
config,
lib,
...
}: {
options.inbucket.enable = lib.mkEnableOption "inbucket"; options.inbucket.enable = lib.mkEnableOption "inbucket";
config = lib.mkIf config.inbucket.enable { config = lib.mkIf config.inbucket.enable {


@ -1,5 +1,8 @@
{ lib, config, ... }: {
let lib,
config,
...
}: let
ingressOpts = {name, ...}: { ingressOpts = {name, ...}: {
options = { options = {
host = lib.mkOption { host = lib.mkOption {
@ -22,8 +25,7 @@ let
}; };
}; };
}; };
in in {
{
options = { options = {
lab.ingresses = lib.mkOption { lab.ingresses = lib.mkOption {
type = with lib.types; attrsOf (submodule ingressOpts); type = with lib.types; attrsOf (submodule ingressOpts);
@ -32,7 +34,8 @@ in
}; };
config = { config = {
kubernetes.resources.ingresses = builtins.mapAttrs kubernetes.resources.ingresses =
builtins.mapAttrs
(name: ingress: { (name: ingress: {
metadata.annotations = { metadata.annotations = {
"cert-manager.io/cluster-issuer" = "letsencrypt"; "cert-manager.io/cluster-issuer" = "letsencrypt";
@ -42,10 +45,12 @@ in
spec = { spec = {
ingressClassName = "traefik"; ingressClassName = "traefik";
rules = [{ rules = [
{
host = ingress.host; host = ingress.host;
http.paths = [{ http.paths = [
{
path = "/"; path = "/";
pathType = "Prefix"; pathType = "Prefix";
@ -53,13 +58,17 @@ in
name = ingress.service.name; name = ingress.service.name;
port.name = ingress.service.portName; port.name = ingress.service.portName;
}; };
}]; }
}]; ];
}
];
tls = [{ tls = [
{
secretName = "${name}-tls"; secretName = "${name}-tls";
hosts = [ingress.host]; hosts = [ingress.host];
}]; }
];
}; };
}) })
config.lab.ingresses; config.lab.ingresses;


@ -1,4 +1,9 @@
{ lib, globals, config, ... }: { {
lib,
globals,
config,
...
}: {
options.kitchenowl.enable = lib.mkEnableOption "kitchenowl"; options.kitchenowl.enable = lib.mkEnableOption "kitchenowl";
config = lib.mkIf config.kitchenowl.enable { config = lib.mkIf config.kitchenowl.enable {
@ -33,10 +38,12 @@
key = "jwtSecretKey"; key = "jwtSecretKey";
}; };
volumeMounts = [{ volumeMounts = [
{
name = "data"; name = "data";
mountPath = "/data"; mountPath = "/data";
}]; }
];
}; };
securityContext = { securityContext = {


@ -1,4 +1,9 @@
{ config, globals, lib, ... }: { {
config,
globals,
lib,
...
}: {
options.kms.enable = lib.mkEnableOption "kms"; options.kms.enable = lib.mkEnableOption "kms";
config = lib.mkIf config.kms.enable { config = lib.mkIf config.kms.enable {


@ -1,5 +1,8 @@
{ lib, config, ... }: {
let lib,
config,
...
}: let
longhornVolumeOpts = {name, ...}: { longhornVolumeOpts = {name, ...}: {
options = { options = {
storage = lib.mkOption { storage = lib.mkOption {
@ -34,8 +37,7 @@ let
}; };
}; };
}; };
in in {
{
options = { options = {
lab.longhornVolumes = lib.mkOption { lab.longhornVolumes = lib.mkOption {
type = with lib.types; attrsOf (submodule longhornVolumeOpts); type = with lib.types; attrsOf (submodule longhornVolumeOpts);
@ -57,7 +59,8 @@ in
config = { config = {
kubernetes.resources = { kubernetes.resources = {
persistentVolumes = lib.mergeAttrs persistentVolumes =
lib.mergeAttrs
(builtins.mapAttrs (builtins.mapAttrs
(name: longhornVolume: { (name: longhornVolume: {
spec = { spec = {
@ -84,10 +87,12 @@ in
staleReplicaTimeout = "30"; staleReplicaTimeout = "30";
unmapMarkSnapChainRemoved = "ignored"; unmapMarkSnapChainRemoved = "ignored";
recurringJobSelector = lib.generators.toYAML { } [{ recurringJobSelector = lib.generators.toYAML {} [
{
name = "backup-nfs"; name = "backup-nfs";
isGroup = false; isGroup = false;
}]; }
];
}; };
}; };
}; };
@ -114,17 +119,20 @@ in
staleReplicaTimeout = "30"; staleReplicaTimeout = "30";
unmapMarkSnapChainRemoved = "ignored"; unmapMarkSnapChainRemoved = "ignored";
recurringJobSelector = lib.generators.toYAML { } [{ recurringJobSelector = lib.generators.toYAML {} [
{
name = "backup-nfs"; name = "backup-nfs";
isGroup = false; isGroup = false;
}]; }
];
}; };
}; };
}; };
}) })
config.lab.longhorn.persistentVolume); config.lab.longhorn.persistentVolume);
persistentVolumeClaims = lib.mergeAttrs persistentVolumeClaims =
lib.mergeAttrs
(builtins.mapAttrs (builtins.mapAttrs
(name: longhornVolume: { (name: longhornVolume: {
spec = { spec = {


@ -1,4 +1,9 @@
{ globals, config, lib, ... }: { {
globals,
config,
lib,
...
}: {
options.media.enable = lib.mkEnableOption "media"; options.media.enable = lib.mkEnableOption "media";
config = lib.mkIf config.media.enable { config = lib.mkIf config.media.enable {
@ -64,13 +69,17 @@
fsGroupChangePolicy = "OnRootMismatch"; fsGroupChangePolicy = "OnRootMismatch";
}; };
affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms = [{ affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms = [
matchExpressions = [{ {
matchExpressions = [
{
key = "hasMedia"; key = "hasMedia";
operator = "In"; operator = "In";
values = ["true"]; values = ["true"];
}]; }
}]; ];
}
];
}; };
}; };
}; };
@ -167,10 +176,12 @@
TZ.value = "Europe/Amsterdam"; TZ.value = "Europe/Amsterdam";
}; };
volumeMounts = [{ volumeMounts = [
{
name = "config"; name = "config";
mountPath = "/app/config"; mountPath = "/app/config";
}]; }
];
}; };
securityContext = { securityContext = {
@ -274,10 +285,12 @@
TZ.value = "Europe/Amsterdam"; TZ.value = "Europe/Amsterdam";
}; };
volumeMounts = [{ volumeMounts = [
{
name = "config"; name = "config";
mountPath = "/config"; mountPath = "/config";
}]; }
];
}; };
securityContext = { securityContext = {


@ -1,4 +1,9 @@
{ lib, config, globals, ... }: { {
lib,
config,
globals,
...
}: {
options.minecraft.enable = lib.mkEnableOption "minecraft"; options.minecraft.enable = lib.mkEnableOption "minecraft";
config = lib.mkIf config.minecraft.enable { config = lib.mkIf config.minecraft.enable {
@ -18,10 +23,12 @@
env.EULA.value = "TRUE"; env.EULA.value = "TRUE";
volumeMounts = [{ volumeMounts = [
{
name = "data"; name = "data";
mountPath = "/data"; mountPath = "/data";
}]; }
];
}; };
securityContext = { securityContext = {


@ -1,4 +1,9 @@
{ lib, config, globals, ... }: { {
lib,
config,
globals,
...
}: {
options.nextcloud.enable = lib.mkEnableOption "nextcloud"; options.nextcloud.enable = lib.mkEnableOption "nextcloud";
config = lib.mkIf config.nextcloud.enable { config = lib.mkIf config.nextcloud.enable {
@ -45,10 +50,12 @@
}; };
}; };
volumeMounts = [{ volumeMounts = [
{
name = "data"; name = "data";
mountPath = "/var/www/html"; mountPath = "/var/www/html";
}]; }
];
}; };
securityContext = { securityContext = {
@ -56,14 +63,18 @@
fsGroupChangePolicy = "OnRootMismatch"; fsGroupChangePolicy = "OnRootMismatch";
}; };
affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution = [{ affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution = [
{
weight = 1; weight = 1;
preference.matchExpressions = [{ preference.matchExpressions = [
{
key = "storageType"; key = "storageType";
operator = "In"; operator = "In";
values = ["fast"]; values = ["fast"];
}]; }
}]; ];
}
];
}; };
}; };
}; };
@ -97,10 +108,12 @@
}; };
}; };
volumeMounts = [{ volumeMounts = [
{
name = "database"; name = "database";
mountPath = "/pgdata"; mountPath = "/pgdata";
}]; }
];
}; };
volumes.database.persistentVolumeClaim.claimName = "database"; volumes.database.persistentVolumeClaim.claimName = "database";


@ -1,4 +1,9 @@
{ lib, config, globals, ... }: { {
lib,
config,
globals,
...
}: {
options.ntfy.enable = lib.mkEnableOption "ntfy"; options.ntfy.enable = lib.mkEnableOption "ntfy";
config = lib.mkIf config.ntfy.enable { config = lib.mkIf config.ntfy.enable {


@ -1,4 +1,9 @@
{ globals, lib, config, ... }: { {
globals,
lib,
config,
...
}: {
options.paperless.enable = lib.mkEnableOption "paperless"; options.paperless.enable = lib.mkEnableOption "paperless";
config = lib.mkIf config.paperless.enable { config = lib.mkIf config.paperless.enable {
@ -64,10 +69,12 @@
}; };
}; };
volumeMounts = [{ volumeMounts = [
{
name = "data"; name = "data";
mountPath = "/data"; mountPath = "/data";
}]; }
];
}; };
securityContext = { securityContext = {
@ -107,10 +114,12 @@
ports.redis.containerPort = 6379; ports.redis.containerPort = 6379;
imagePullPolicy = "IfNotPresent"; imagePullPolicy = "IfNotPresent";
volumeMounts = [{ volumeMounts = [
{
name = "data"; name = "data";
mountPath = "/data"; mountPath = "/data";
}]; }
];
}; };
securityContext = { securityContext = {
@ -159,10 +168,12 @@
}; };
}; };
volumeMounts = [{ volumeMounts = [
{
name = "data"; name = "data";
mountPath = "/pgdata"; mountPath = "/pgdata";
}]; }
];
}; };
volumes.data.persistentVolumeClaim.claimName = "database"; volumes.data.persistentVolumeClaim.claimName = "database";


@ -1,4 +1,9 @@
{ globals, config, lib, ... }: { {
globals,
config,
lib,
...
}: {
options.pihole.enable = lib.mkEnableOption "pihole"; options.pihole.enable = lib.mkEnableOption "pihole";
config = lib.mkIf config.pihole.enable { config = lib.mkIf config.pihole.enable {


@ -1,4 +1,9 @@
{ config, lib, globals, ... }: { {
config,
lib,
globals,
...
}: {
options.radicale.enable = lib.mkEnableOption "radicale"; options.radicale.enable = lib.mkEnableOption "radicale";
config = lib.mkIf config.radicale.enable { config = lib.mkIf config.radicale.enable {


@ -1,4 +1,9 @@
{ globals, config, lib, ... }: { {
globals,
config,
lib,
...
}: {
options.syncthing.enable = lib.mkEnableOption "syncthing"; options.syncthing.enable = lib.mkEnableOption "syncthing";
config = lib.mkIf config.syncthing.enable { config = lib.mkIf config.syncthing.enable {


@ -1,4 +1,8 @@
{ lib, config, ... }: { {
lib,
config,
...
}: {
options = with lib.types; { options = with lib.types; {
lab.tailscaleIngresses = lib.mkOption { lab.tailscaleIngresses = lib.mkOption {
type = attrsOf (submodule { type = attrsOf (submodule {
@ -20,16 +24,20 @@
}; };
}; };
config = config = let
let
cfg = config.lab.tailscaleIngresses; cfg = config.lab.tailscaleIngresses;
mkTailscaleIngress = name: { host, service }: { mkTailscaleIngress = name: {
host,
service,
}: {
spec = { spec = {
ingressClassName = "tailscale"; ingressClassName = "tailscale";
rules = [{ rules = [
http.paths = [{ {
http.paths = [
{
path = "/"; path = "/";
pathType = "Prefix"; pathType = "Prefix";
@ -37,16 +45,19 @@
name = service.name; name = service.name;
port.name = service.portName; port.name = service.portName;
}; };
}]; }
}]; ];
}
];
tls = [{ tls = [
hosts = [ host ];
}];
};
};
in
{ {
hosts = [host];
}
];
};
};
in {
kubernetes.resources.ingresses = builtins.mapAttrs mkTailscaleIngress cfg; kubernetes.resources.ingresses = builtins.mapAttrs mkTailscaleIngress cfg;
}; };
} }


@ -1,4 +1,10 @@
{ nixhelm, system, config, lib, ... }: { {
nixhelm,
system,
config,
lib,
...
}: {
options.tailscale.enable = lib.mkEnableOption "tailscale"; options.tailscale.enable = lib.mkEnableOption "tailscale";
config = lib.mkIf config.tailscale.enable { config = lib.mkIf config.tailscale.enable {


@ -1,4 +1,9 @@
{ lib, globals, config, ... }: { {
lib,
globals,
config,
...
}: {
options.traefik.enable = lib.mkEnableOption "traefik"; options.traefik.enable = lib.mkEnableOption "traefik";
config = lib.mkIf config.traefik.enable { config = lib.mkIf config.traefik.enable {


@ -1,8 +1,17 @@
{ nixpkgs, flutils, ... }: flutils.lib.eachDefaultSystem (system: {
let nixpkgs,
flake-utils,
...
}:
flake-utils.lib.eachDefaultSystem (system: let
pkgs = nixpkgs.legacyPackages.${system}; pkgs = nixpkgs.legacyPackages.${system};
createScript = { name, runtimeInputs, scriptPath, extraWrapperFlags ? "", ... }: createScript = {
let name,
runtimeInputs,
scriptPath,
extraWrapperFlags ? "",
...
}: let
script = (pkgs.writeScriptBin name (builtins.readFile scriptPath)).overrideAttrs (old: { script = (pkgs.writeScriptBin name (builtins.readFile scriptPath)).overrideAttrs (old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out"; buildCommand = "${old.buildCommand}\n patchShebangs $out";
}); });
@ -13,8 +22,7 @@ let
buildInputs = [pkgs.makeWrapper]; buildInputs = [pkgs.makeWrapper];
postBuild = "wrapProgram $out/bin/${name} --set PATH $out/bin ${extraWrapperFlags}"; postBuild = "wrapProgram $out/bin/${name} --set PATH $out/bin ${extraWrapperFlags}";
}; };
in in {
{
packages.gen-k3s-cert = createScript { packages.gen-k3s-cert = createScript {
name = "create-k3s-cert"; name = "create-k3s-cert";
runtimeInputs = with pkgs; [openssl coreutils openssh yq]; runtimeInputs = with pkgs; [openssl coreutils openssh yq];
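Review bot: `createScript` splices `extraWrapperFlags` (and `name`) unquoted into the shell command `wrapProgram $out/bin/${name} --set PATH $out/bin ${extraWrapperFlags}`, and nothing at the definition says so. That is fine for literal flags written in this repository, but a value containing spaces or shell metacharacters would be reinterpreted by the build shell. A short comment above the argument set would document the contract, e.g. `# extraWrapperFlags is inserted verbatim into the wrapProgram command line; quote values with lib.escapeShellArg`. The part of `createScript` between the two hunks is not visible here, and the formatting change itself looks behaviour-preserving.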


@ -1,10 +1,21 @@
{ pkgs, nixpkgs, nixng, globals, ... }: { {
mkNixNGImage = name: file: pkgs,
let nixpkgs,
stream = (import file { nixng,
globals,
...
}: {
mkNixNGImage = name: file: let
stream =
(import file {
inherit nixpkgs nixng globals; inherit nixpkgs nixng globals;
inherit (nixng) nglib; inherit (nixng) nglib;
}).config.system.build.ociImage.stream; })
.config
.system
.build
.ociImage
.stream;
in in
pkgs.stdenv.mkDerivation { pkgs.stdenv.mkDerivation {
name = "${name}.tar"; name = "${name}.tar";