home/kubernetes-deployments
2
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

Format repo

Browse source
This commit is contained in:
Pim Kunis 2024-10-28 16:05:06 +01:00
parent 3169149045
commit 8160b9da0b
37 changed files with 643 additions and 392 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

54
flake.lock
View file

@ -3,7 +3,7 @@
"blog-pim": {
"inputs": {
"flutils": [
"flutils"
"flake-utils"
],
"nginx": "nginx",
"nixpkgs": [
@ -89,7 +89,7 @@
},
"dns_2": {
"inputs": {
"flake-utils": "flake-utils_4",
"flake-utils": "flake-utils_5",
"nixpkgs": [
"servers",
"nixpkgs"
@ -227,6 +227,24 @@
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
},
@ -243,7 +261,7 @@
"type": "indirect"
}
},
"flake-utils_3": {
"flake-utils_4": {
"inputs": {
"systems": "systems_4"
},
@ -261,7 +279,7 @@
"type": "github"
}
},
"flake-utils_4": {
"flake-utils_5": {
"locked": {
"lastModified": 1614513358,
"narHash": "sha256-LakhOx3S1dRjnh0b5Dg3mbZyH0ToC9I8Y2wKSkBaTzU=",
@ -276,7 +294,7 @@
"type": "github"
}
},
"flake-utils_5": {
"flake-utils_6": {
"inputs": {
"systems": "systems_7"
},
@ -294,24 +312,6 @@
"type": "github"
}
},
"flutils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
@ -480,7 +480,7 @@
},
"nixhelm": {
"inputs": {
"flake-utils": "flake-utils_2",
"flake-utils": "flake-utils_3",
"haumea": "haumea",
"nix-kube-generators": "nix-kube-generators",
"nixpkgs": [
@ -675,7 +675,7 @@
},
"poetry2nix": {
"inputs": {
"flake-utils": "flake-utils_3",
"flake-utils": "flake-utils_4",
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"nixhelm",
@ -725,7 +725,7 @@
"inputs": {
"blog-pim": "blog-pim",
"dns": "dns",
"flutils": "flutils",
"flake-utils": "flake-utils_2",
"kubenix": "kubenix",
"nixhelm": "nixhelm",
"nixng": "nixng",
@ -740,7 +740,7 @@
"deploy-rs": "deploy-rs",
"disko": "disko",
"dns": "dns_2",
"flake-utils": "flake-utils_5",
"flake-utils": "flake-utils_6",
"kubenix": "kubenix_2",
"nix-snapshotter": "nix-snapshotter",
"nixng": "nixng_2",

9
flake.nix
View file

@ -3,7 +3,7 @@
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
flutils.url = "github:numtide/flake-utils";
flake-utils.url = "github:numtide/flake-utils";
treefmt-nix.url = "github:numtide/treefmt-nix";
pre-commit-hooks = {
@ -21,7 +21,7 @@
url = "git+https://git.kun.is/home/blog-pim?rev=7296f7f5bf5f089a5137036dcbd8058cf3e4a9e5";
inputs = {
nixpkgs.follows = "nixpkgs";
flutils.follows = "flutils";
flutils.follows = "flake-utils";
};
};
@ -46,10 +46,11 @@
};
};
outputs = inputs @ {flutils, ...}:
flutils.lib.meld inputs [
outputs = inputs @ {flake-utils, ...}:
flake-utils.lib.meld inputs [
./kubenix.nix
./scripts
./globals.nix
./formatter.nix
];
}

6
globals.nix
View file

@ -1,5 +1,4 @@
{ servers, ... }:
let
{servers, ...}: let
globals = {
images = {
jellyfin = "jellyfin/jellyfin:10.10.0";
@ -34,7 +33,6 @@ let
minecraft = "itzg/minecraft-server:latest";
};
};
in
{
in {
globals = globals // servers.globals;
}

6
images/attic.nix
View file

@ -1,4 +1,8 @@
{ nixpkgs, nglib, ... }:
{
nixpkgs,
nglib,
...
}:
nglib.makeSystem {
inherit nixpkgs;
system = "x86_64-linux";

7
images/dnsmasq.nix
View file

@ -1,4 +1,9 @@
{ globals, nixpkgs, nglib, ... }:
{
globals,
nixpkgs,
nglib,
...
}:
nglib.makeSystem {
inherit nixpkgs;
system = "x86_64-linux";

51
kubenix.nix
View file

@ -1,6 +1,13 @@
inputs@{ self, servers, flutils, nixpkgs, kubenix, ... }: flutils.lib.eachDefaultSystem
(system:
let
inputs @ {
self,
servers,
flake-utils,
nixpkgs,
kubenix,
...
}:
flake-utils.lib.eachDefaultSystem
(system: let
pkgs = nixpkgs.legacyPackages.${system};
lib = pkgs.lib;
deployScript = (pkgs.writeScriptBin "applyset-deploy.sh" (builtins.readFile ./applyset-deploy.sh)).overrideAttrs (old: {
@ -9,7 +16,8 @@ inputs@{ self, servers, flutils, nixpkgs, kubenix, ... }: flutils.lib.eachDefaul
machines = servers.machines.${system};
mkKubernetes = name: module: namespace: (kubenix.evalModules.${system} {
mkKubernetes = name: module: namespace:
(kubenix.evalModules.${system} {
specialArgs = {
inherit namespace system machines self;
inherit (inputs) nixhelm blog-pim dns nixpkgs nixng;
@ -22,8 +30,7 @@ inputs@{ self, servers, flutils, nixpkgs, kubenix, ... }: flutils.lib.eachDefaul
};
};
module = { kubenix, ... }:
{
module = {kubenix, ...}: {
imports = [
kubenix.modules.k8s
kubenix.modules.helm
@ -36,20 +43,28 @@ inputs@{ self, servers, flutils, nixpkgs, kubenix, ... }: flutils.lib.eachDefaul
kubernetes.namespace = namespace;
};
};
}).config.kubernetes;
})
.config
.kubernetes;
mkManifest = name: { module, namespace }: {
mkManifest = name: {
module,
namespace,
}: {
name = "${name}-manifest";
value = (mkKubernetes name module namespace).result;
};
mkDeployApp = name: { module, namespace }:
let
mkDeployApp = name: {
module,
namespace,
}: let
kubernetes = mkKubernetes name module namespace;
kubeconfig = kubernetes.kubeconfig or "";
result = kubernetes.result or "";
wrappedDeployScript = pkgs.symlinkJoin
wrappedDeployScript =
pkgs.symlinkJoin
{
name = "applyset-deploy.sh";
paths = [deployScript pkgs.vals pkgs.kubectl];
@ -57,13 +72,15 @@ inputs@{ self, servers, flutils, nixpkgs, kubenix, ... }: flutils.lib.eachDefaul
passthru.manifest = result;
meta.mainProgram = "applyset-deploy.sh";
postBuild =
let
postBuild = let
# HACK: create normal way of checking if server runs k8s
k8sMachines = lib.filterAttrs (n: m: m.kubernetesNodeLabels != null) machines;
k8sServerNames = builtins.concatStringsSep " " (builtins.attrNames k8sMachines);
in
/* bash */ ''
/*
bash
*/
''
wrapProgram $out/bin/applyset-deploy.sh \
--suffix PATH : "$out/bin" \
--run 'export KUBECONFIG=''${KUBECONFIG:-${toString kubeconfig}}' \
@ -75,14 +92,12 @@ inputs@{ self, servers, flutils, nixpkgs, kubenix, ... }: flutils.lib.eachDefaul
--set GCROOTDIR '/nix/var/nix/gcroots/kubernetes-manifests'
'';
};
in
{
in {
name = "${name}-deploy";
value = wrappedDeployScript;
};
deployments = import ./deployments.nix;
in
{
in {
packages = pkgs.lib.mergeAttrs (pkgs.lib.mapAttrs' mkDeployApp deployments) (pkgs.lib.mapAttrs' mkManifest deployments);
})

21
modules/attic.nix
View file

@ -1,4 +1,11 @@
{ self, utils, lib, config, globals, ... }: {
{
self,
utils,
lib,
config,
globals,
...
}: {
options.attic.enable = lib.mkEnableOption "attic";
config = lib.mkIf config.attic.enable {
@ -50,10 +57,12 @@
};
};
volumeMounts = [{
volumeMounts = [
{
name = "data";
mountPath = "/var/lib/atticd/storage";
}];
}
];
};
volumes = {
@ -98,10 +107,12 @@
};
};
volumeMounts = [{
volumeMounts = [
{
name = "data";
mountPath = "/pgdata";
}];
}
];
};
volumes.data.persistentVolumeClaim.claimName = "database";

19
modules/atuin.nix
View file

@ -1,4 +1,9 @@
{ config, globals, lib, ... }: {
{
config,
globals,
lib,
...
}: {
options.atuin.enable = lib.mkEnableOption "atuin";
config = lib.mkIf config.atuin.enable {
@ -47,10 +52,12 @@
};
};
volumeMounts = [{
volumeMounts = [
{
name = "data";
mountPath = "/config";
}];
}
];
};
database = {
@ -67,10 +74,12 @@
};
};
volumeMounts = [{
volumeMounts = [
{
name = "database";
mountPath = "/var/lib/postgresql/data";
}];
}
];
};
};
};

18
modules/bind9/default.nix
View file

@ -1,8 +1,12 @@
{ config, lib, globals, dns, ... }:
let
kunisZone = dns.lib.toString "kun.is" (import ./kun.is.zone.nix globals dns);
in
{
config,
lib,
globals,
dns,
...
}: let
kunisZone = dns.lib.toString "kun.is" (import ./kun.is.zone.nix globals dns);
in {
options.bind9.enable = lib.mkEnableOption "bind9";
config = lib.mkIf config.bind9.enable {
@ -99,10 +103,12 @@ in
};
};
volumes = [{
volumes = [
{
name = "config";
configMap.name = "bind9-config";
}];
}
];
};
};
};

3
modules/bind9/kun.is.zone.nix
View file

@ -1,4 +1,5 @@
globals: dns: with dns.lib.combinators; {
globals: dns:
with dns.lib.combinators; {
CAA = letsEncrypt "caa@kun.is";
SOA = {

7
modules/blog.nix
View file

@ -1,4 +1,9 @@
{ blog-pim, lib, config, ... }: {
{
blog-pim,
lib,
config,
...
}: {
options.blog.enable = lib.mkEnableOption "blog";
config = lib.mkIf config.blog.enable {

13
modules/bootstrap-default.nix
View file

@ -1,4 +1,12 @@
{ config, lib, nixhelm, system, globals, machines, ... }: {
{
config,
lib,
nixhelm,
system,
globals,
machines,
...
}: {
options.bootstrap-default.enable = lib.mkEnableOption "bootstrap-default";
config = lib.mkIf config.bootstrap-default.enable {
@ -57,8 +65,7 @@
ntfy = {};
};
nodes =
let
nodes = let
machinesWithKubernetesLabels = lib.filterAttrs (name: machine: machine.kubernetesNodeLabels != null) machines;
in
builtins.mapAttrs

14
modules/bootstrap-kube-system/default.nix
View file

@ -1,4 +1,10 @@
{ config, lib, nixhelm, system, ... }: {
{
config,
lib,
nixhelm,
system,
...
}: {
options.bootstrap-kube-system.enable = lib.mkEnableOption "bootstrap-kube-system";
config = lib.mkIf config.bootstrap-kube-system.enable {
@ -29,10 +35,12 @@
server = "https://acme-v02.api.letsencrypt.org/directory";
email = "pim@kunis.nl";
privateKeySecretRef.name = "letsencrypt-private-key";
solvers = [{
solvers = [
{
selector = {};
http01.ingress.class = "traefik";
}];
}
];
};
};
};

7
modules/cyberchef.nix
View file

@ -1,4 +1,9 @@
{ config, lib, globals, ... }: {
{
config,
lib,
globals,
...
}: {
options.cyberchef.enable = lib.mkEnableOption "cyberchef";
config = lib.mkIf config.cyberchef.enable {

9
modules/dnsmasq.nix
View file

@ -1,4 +1,11 @@
{ self, utils, globals, config, lib, ... }: {
{
self,
utils,
globals,
config,
lib,
...
}: {
options.dnsmasq.enable = lib.mkEnableOption "dnsmasq";
config = lib.mkIf config.dnsmasq.enable {

7
modules/forgejo/default.nix
View file

@ -1,4 +1,9 @@
{ lib, config, globals, ... }: {
{
lib,
config,
globals,
...
}: {
options.forgejo.enable = lib.mkEnableOption "forgejo";
config = lib.mkIf config.forgejo.enable {

13
modules/freshrss.nix
View file

@ -1,4 +1,9 @@
{ config, lib, globals, ... }: {
{
config,
lib,
globals,
...
}: {
options.freshrss.enable = lib.mkEnableOption "freshrss";
config = lib.mkIf config.freshrss.enable {
@ -43,10 +48,12 @@
};
};
volumeMounts = [{
volumeMounts = [
{
name = "data";
mountPath = "/var/www/FreshRSS/data";
}];
}
];
};
volumes.data.persistentVolumeClaim.claimName = "data";

13
modules/hedgedoc.nix
View file

@ -1,4 +1,9 @@
{ config, lib, globals, ... }: {
{
config,
lib,
globals,
...
}: {
options.hedgedoc.enable = lib.mkEnableOption "hedgedoc";
config = lib.mkIf config.hedgedoc.enable {
@ -106,10 +111,12 @@
};
};
volumeMounts = [{
volumeMounts = [
{
name = "database";
mountPath = "/pgdata";
}];
}
];
};
volumes.database.persistentVolumeClaim.claimName = "database";

25
modules/immich.nix
View file

@ -1,4 +1,9 @@
{ globals, config, lib, ... }: {
{
globals,
config,
lib,
...
}: {
options.immich.enable = lib.mkEnableOption "immich";
config = lib.mkIf config.immich.enable {
@ -51,10 +56,12 @@
};
};
volumeMounts = [{
volumeMounts = [
{
name = "data";
mountPath = "/usr/src/app/upload";
}];
}
];
};
};
};
@ -90,10 +97,12 @@
ports.ml.containerPort = 3003;
env.MACHINE_LEARNING_WORKER_TIMEOUT.value = "600";
volumeMounts = [{
volumeMounts = [
{
name = "cache";
mountPath = "/cache";
}];
}
];
};
};
};
@ -175,10 +184,12 @@
};
};
volumeMounts = [{
volumeMounts = [
{
name = "data";
mountPath = "/pgdata";
}];
}
];
};
};
};

7
modules/inbucket.nix
View file

@ -1,4 +1,9 @@
{ globals, config, lib, ... }: {
{
globals,
config,
lib,
...
}: {
options.inbucket.enable = lib.mkEnableOption "inbucket";
config = lib.mkIf config.inbucket.enable {

31
modules/ingress.nix
View file

@ -1,5 +1,8 @@
{ lib, config, ... }:
let
{
lib,
config,
...
}: let
ingressOpts = {name, ...}: {
options = {
host = lib.mkOption {
@ -22,8 +25,7 @@ let
};
};
};
in
{
in {
options = {
lab.ingresses = lib.mkOption {
type = with lib.types; attrsOf (submodule ingressOpts);
@ -32,7 +34,8 @@ in
};
config = {
kubernetes.resources.ingresses = builtins.mapAttrs
kubernetes.resources.ingresses =
builtins.mapAttrs
(name: ingress: {
metadata.annotations = {
"cert-manager.io/cluster-issuer" = "letsencrypt";
@ -42,10 +45,12 @@ in
spec = {
ingressClassName = "traefik";
rules = [{
rules = [
{
host = ingress.host;
http.paths = [{
http.paths = [
{
path = "/";
pathType = "Prefix";
@ -53,13 +58,17 @@ in
name = ingress.service.name;
port.name = ingress.service.portName;
};
}];
}];
}
];
}
];
tls = [{
tls = [
{
secretName = "${name}-tls";
hosts = [ingress.host];
}];
}
];
};
})
config.lab.ingresses;

13
modules/kitchenowl.nix
View file

@ -1,4 +1,9 @@
{ lib, globals, config, ... }: {
{
lib,
globals,
config,
...
}: {
options.kitchenowl.enable = lib.mkEnableOption "kitchenowl";
config = lib.mkIf config.kitchenowl.enable {
@ -33,10 +38,12 @@
key = "jwtSecretKey";
};
volumeMounts = [{
volumeMounts = [
{
name = "data";
mountPath = "/data";
}];
}
];
};
securityContext = {

7
modules/kms.nix
View file

@ -1,4 +1,9 @@
{ config, globals, lib, ... }: {
{
config,
globals,
lib,
...
}: {
options.kms.enable = lib.mkEnableOption "kms";
config = lib.mkIf config.kms.enable {

28
modules/longhorn-volume.nix
View file

@ -1,5 +1,8 @@
{ lib, config, ... }:
let
{
lib,
config,
...
}: let
longhornVolumeOpts = {name, ...}: {
options = {
storage = lib.mkOption {
@ -34,8 +37,7 @@ let
};
};
};
in
{
in {
options = {
lab.longhornVolumes = lib.mkOption {
type = with lib.types; attrsOf (submodule longhornVolumeOpts);
@ -57,7 +59,8 @@ in
config = {
kubernetes.resources = {
persistentVolumes = lib.mergeAttrs
persistentVolumes =
lib.mergeAttrs
(builtins.mapAttrs
(name: longhornVolume: {
spec = {
@ -84,10 +87,12 @@ in
staleReplicaTimeout = "30";
unmapMarkSnapChainRemoved = "ignored";
recurringJobSelector = lib.generators.toYAML { } [{
recurringJobSelector = lib.generators.toYAML {} [
{
name = "backup-nfs";
isGroup = false;
}];
}
];
};
};
};
@ -114,17 +119,20 @@ in
staleReplicaTimeout = "30";
unmapMarkSnapChainRemoved = "ignored";
recurringJobSelector = lib.generators.toYAML { } [{
recurringJobSelector = lib.generators.toYAML {} [
{
name = "backup-nfs";
isGroup = false;
}];
}
];
};
};
};
})
config.lab.longhorn.persistentVolume);
persistentVolumeClaims = lib.mergeAttrs
persistentVolumeClaims =
lib.mergeAttrs
(builtins.mapAttrs
(name: longhornVolume: {
spec = {

31
modules/media.nix
View file

@ -1,4 +1,9 @@
{ globals, config, lib, ... }: {
{
globals,
config,
lib,
...
}: {
options.media.enable = lib.mkEnableOption "media";
config = lib.mkIf config.media.enable {
@ -64,13 +69,17 @@
fsGroupChangePolicy = "OnRootMismatch";
};
affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms = [{
matchExpressions = [{
affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms = [
{
matchExpressions = [
{
key = "hasMedia";
operator = "In";
values = ["true"];
}];
}];
}
];
}
];
};
};
};
@ -167,10 +176,12 @@
TZ.value = "Europe/Amsterdam";
};
volumeMounts = [{
volumeMounts = [
{
name = "config";
mountPath = "/app/config";
}];
}
];
};
securityContext = {
@ -274,10 +285,12 @@
TZ.value = "Europe/Amsterdam";
};
volumeMounts = [{
volumeMounts = [
{
name = "config";
mountPath = "/config";
}];
}
];
};
securityContext = {

13
modules/minecraft.nix
View file

@ -1,4 +1,9 @@
{ lib, config, globals, ... }: {
{
lib,
config,
globals,
...
}: {
options.minecraft.enable = lib.mkEnableOption "minecraft";
config = lib.mkIf config.minecraft.enable {
@ -18,10 +23,12 @@
env.EULA.value = "TRUE";
volumeMounts = [{
volumeMounts = [
{
name = "data";
mountPath = "/data";
}];
}
];
};
securityContext = {

31
modules/nextcloud.nix
View file

@ -1,4 +1,9 @@
{ lib, config, globals, ... }: {
{
lib,
config,
globals,
...
}: {
options.nextcloud.enable = lib.mkEnableOption "nextcloud";
config = lib.mkIf config.nextcloud.enable {
@ -45,10 +50,12 @@
};
};
volumeMounts = [{
volumeMounts = [
{
name = "data";
mountPath = "/var/www/html";
}];
}
];
};
securityContext = {
@ -56,14 +63,18 @@
fsGroupChangePolicy = "OnRootMismatch";
};
affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution = [{
affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution = [
{
weight = 1;
preference.matchExpressions = [{
preference.matchExpressions = [
{
key = "storageType";
operator = "In";
values = ["fast"];
}];
}];
}
];
}
];
};
};
};
@ -97,10 +108,12 @@
};
};
volumeMounts = [{
volumeMounts = [
{
name = "database";
mountPath = "/pgdata";
}];
}
];
};
volumes.database.persistentVolumeClaim.claimName = "database";

7
modules/ntfy.nix
View file

@ -1,4 +1,9 @@
{ lib, config, globals, ... }: {
{
lib,
config,
globals,
...
}: {
options.ntfy.enable = lib.mkEnableOption "ntfy";
config = lib.mkIf config.ntfy.enable {

25
modules/paperless.nix
View file

@ -1,4 +1,9 @@
{ globals, lib, config, ... }: {
{
globals,
lib,
config,
...
}: {
options.paperless.enable = lib.mkEnableOption "paperless";
config = lib.mkIf config.paperless.enable {
@ -64,10 +69,12 @@
};
};
volumeMounts = [{
volumeMounts = [
{
name = "data";
mountPath = "/data";
}];
}
];
};
securityContext = {
@ -107,10 +114,12 @@
ports.redis.containerPort = 6379;
imagePullPolicy = "IfNotPresent";
volumeMounts = [{
volumeMounts = [
{
name = "data";
mountPath = "/data";
}];
}
];
};
securityContext = {
@ -159,10 +168,12 @@
};
};
volumeMounts = [{
volumeMounts = [
{
name = "data";
mountPath = "/pgdata";
}];
}
];
};
volumes.data.persistentVolumeClaim.claimName = "database";

7
modules/pihole.nix
View file

@ -1,4 +1,9 @@
{ globals, config, lib, ... }: {
{
globals,
config,
lib,
...
}: {
options.pihole.enable = lib.mkEnableOption "pihole";
config = lib.mkIf config.pihole.enable {

7
modules/radicale.nix
View file

@ -1,4 +1,9 @@
{ config, lib, globals, ... }: {
{
config,
lib,
globals,
...
}: {
options.radicale.enable = lib.mkEnableOption "radicale";
config = lib.mkIf config.radicale.enable {

7
modules/syncthing.nix
View file

@ -1,4 +1,9 @@
{ globals, config, lib, ... }: {
{
globals,
config,
lib,
...
}: {
options.syncthing.enable = lib.mkEnableOption "syncthing";
config = lib.mkIf config.syncthing.enable {

39
modules/tailscale-ingress.nix
View file

@ -1,4 +1,8 @@
{ lib, config, ... }: {
{
lib,
config,
...
}: {
options = with lib.types; {
lab.tailscaleIngresses = lib.mkOption {
type = attrsOf (submodule {
@ -20,16 +24,20 @@
};
};
config =
let
config = let
cfg = config.lab.tailscaleIngresses;
mkTailscaleIngress = name: { host, service }: {
mkTailscaleIngress = name: {
host,
service,
}: {
spec = {
ingressClassName = "tailscale";
rules = [{
http.paths = [{
rules = [
{
http.paths = [
{
path = "/";
pathType = "Prefix";
@ -37,16 +45,19 @@
name = service.name;
port.name = service.portName;
};
}];
}];
}
];
}
];
tls = [{
hosts = [ host ];
}];
};
};
in
tls = [
{
hosts = [host];
}
];
};
};
in {
kubernetes.resources.ingresses = builtins.mapAttrs mkTailscaleIngress cfg;
};
}

8
modules/tailscale.nix
View file

@ -1,4 +1,10 @@
{ nixhelm, system, config, lib, ... }: {
{
nixhelm,
system,
config,
lib,
...
}: {
options.tailscale.enable = lib.mkEnableOption "tailscale";
config = lib.mkIf config.tailscale.enable {

7
modules/traefik.nix
View file

@ -1,4 +1,9 @@
{ lib, globals, config, ... }: {
{
lib,
globals,
config,
...
}: {
options.traefik.enable = lib.mkEnableOption "traefik";
config = lib.mkIf config.traefik.enable {

20
scripts/default.nix
View file

@ -1,8 +1,17 @@
{ nixpkgs, flutils, ... }: flutils.lib.eachDefaultSystem (system:
let
{
nixpkgs,
flake-utils,
...
}:
flake-utils.lib.eachDefaultSystem (system: let
pkgs = nixpkgs.legacyPackages.${system};
createScript = { name, runtimeInputs, scriptPath, extraWrapperFlags ? "", ... }:
let
createScript = {
name,
runtimeInputs,
scriptPath,
extraWrapperFlags ? "",
...
}: let
script = (pkgs.writeScriptBin name (builtins.readFile scriptPath)).overrideAttrs (old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out";
});
@ -13,8 +22,7 @@ let
buildInputs = [pkgs.makeWrapper];
postBuild = "wrapProgram $out/bin/${name} --set PATH $out/bin ${extraWrapperFlags}";
};
in
{
in {
packages.gen-k3s-cert = createScript {
name = "create-k3s-cert";
runtimeInputs = with pkgs; [openssl coreutils openssh yq];

21
utils.nix
View file

@ -1,10 +1,21 @@
{ pkgs, nixpkgs, nixng, globals, ... }: {
mkNixNGImage = name: file:
let
stream = (import file {
{
pkgs,
nixpkgs,
nixng,
globals,
...
}: {
mkNixNGImage = name: file: let
stream =
(import file {
inherit nixpkgs nixng globals;
inherit (nixng) nglib;
}).config.system.build.ociImage.stream;
})
.config
.system
.build
.ociImage
.stream;
in
pkgs.stdenv.mkDerivation {
name = "${name}.tar";