Init

2024-09-07 12:35:02 +02:00 · 2024-09-07 12:35:02 +02:00 · cdec5a64aa
commit cdec5a64aa
44 changed files with 9802 additions and 0 deletions
--- a/modules/bootstrap-kube-system/default.nix
+++ b/modules/bootstrap-kube-system/default.nix
@ -0,0 +1,40 @@
+{ config, lib, nixhelm, system, ... }: {
+  options.bootstrap-kube-system.enable = lib.mkEnableOption "bootstrap-kube-system";
+
+  config = lib.mkIf config.bootstrap-kube-system.enable {
+    kubernetes = {
+      # TODO: These were copied from https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.crds.yaml
+      # See https://cert-manager.io/docs/installation/helm/
+      # Seems kubenix cannot import a list of resources, only individual resources.
+      # Might be good to create a PR for this.
+      imports = [
+        ./manifests/certificaterequest.yaml
+        ./manifests/certificate.yaml
+        ./manifests/challenge.yaml
+        ./manifests/clusterissuer.yaml
+        ./manifests/issuer.yaml
+        ./manifests/order.yaml
+      ];
+
+      helm.releases = {
+        cert-manager = {
+          chart = nixhelm.chartsDerivations.${system}.jetstack.cert-manager;
+          includeCRDs = false;
+          namespace = "kube-system";
+        };
+      };
+
+      resources.clusterIssuers.letsencrypt = {
+        spec.acme = {
+          server = "https://acme-v02.api.letsencrypt.org/directory";
+          email = "pim@kunis.nl";
+          privateKeySecretRef.name = "letsencrypt-private-key";
+          solvers = [{
+            selector = { };
+            http01.ingress.class = "traefik";
+          }];
+        };
+      };
+    };
+  };
+}