home/kubernetes-deployments
2
0
Fork 0
Code Issues 3 Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: home:8160b9da0b1e0186b7417d09f7a2d5dccf69e3c2
Branches Tags
home:master
home:generic-device-plugin
..
compare: home:f135658aa89f9283eefc044e7bcf698330b16547
Branches Tags
home:master
home:generic-device-plugin

No commits in common. "8160b9da0b1e0186b7417d09f7a2d5dccf69e3c2" and "f135658aa89f9283eefc044e7bcf698330b16547" have entirely different histories.
8160b9da0b ... f135658aa8

39 changed files with 388 additions and 789 deletions
Download patch file Download diff file Expand all files Collapse all files

160
flake.lock generated
View file

@ -3,7 +3,7 @@
"blog-pim": { "blog-pim": {
"inputs": { "inputs": {
"flutils": [ "flutils": [
"flake-utils" "flutils"
], ],
"nginx": "nginx", "nginx": "nginx",
"nixpkgs": [ "nixpkgs": [
@ -27,7 +27,7 @@
}, },
"deploy-rs": { "deploy-rs": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_2",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_3",
"utils": "utils" "utils": "utils"
}, },
@ -89,7 +89,7 @@
}, },
"dns_2": { "dns_2": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_5", "flake-utils": "flake-utils_4",
"nixpkgs": [ "nixpkgs": [
"servers", "servers",
"nixpkgs" "nixpkgs"
@ -142,22 +142,6 @@
} }
}, },
"flake-compat_3": { "flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_4": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1673956053, "lastModified": 1673956053,
@ -173,7 +157,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_5": { "flake-compat_4": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1696426674,
@ -227,24 +211,6 @@
} }
}, },
"flake-utils_2": { "flake-utils_2": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": { "inputs": {
"systems": "systems_3" "systems": "systems_3"
}, },
@ -261,7 +227,7 @@
"type": "indirect" "type": "indirect"
} }
}, },
"flake-utils_4": { "flake-utils_3": {
"inputs": { "inputs": {
"systems": "systems_4" "systems": "systems_4"
}, },
@ -279,7 +245,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_5": { "flake-utils_4": {
"locked": { "locked": {
"lastModified": 1614513358, "lastModified": 1614513358,
"narHash": "sha256-LakhOx3S1dRjnh0b5Dg3mbZyH0ToC9I8Y2wKSkBaTzU=", "narHash": "sha256-LakhOx3S1dRjnh0b5Dg3mbZyH0ToC9I8Y2wKSkBaTzU=",
@ -294,7 +260,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_6": { "flake-utils_5": {
"inputs": { "inputs": {
"systems": "systems_7" "systems": "systems_7"
}, },
@ -312,24 +278,21 @@
"type": "github" "type": "github"
} }
}, },
"gitignore": { "flutils": {
"inputs": { "inputs": {
"nixpkgs": [ "systems": "systems"
"pre-commit-hooks",
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1709087332, "lastModified": 1726560853,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "hercules-ci", "owner": "numtide",
"repo": "gitignore.nix", "repo": "flake-utils",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394", "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "hercules-ci", "owner": "numtide",
"repo": "gitignore.nix", "repo": "flake-utils",
"type": "github" "type": "github"
} }
}, },
@ -380,7 +343,7 @@
}, },
"kubenix_2": { "kubenix_2": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_4", "flake-compat": "flake-compat_3",
"nixpkgs": [ "nixpkgs": [
"servers", "servers",
"nixpkgs-unstable" "nixpkgs-unstable"
@ -457,7 +420,7 @@
}, },
"nix-snapshotter": { "nix-snapshotter": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_5", "flake-compat": "flake-compat_4",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"nixpkgs": [ "nixpkgs": [
"servers", "servers",
@ -480,7 +443,7 @@
}, },
"nixhelm": { "nixhelm": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_2",
"haumea": "haumea", "haumea": "haumea",
"nix-kube-generators": "nix-kube-generators", "nix-kube-generators": "nix-kube-generators",
"nixpkgs": [ "nixpkgs": [
@ -578,22 +541,6 @@
} }
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": {
"lastModified": 1720386169,
"narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "194846768975b7ad2c4988bdb82572c00222c0d7",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": { "locked": {
"lastModified": 1729357638, "lastModified": 1729357638,
"narHash": "sha256-66RHecx+zohbZwJVEPF7uuwHeqf8rykZTMCTqIrOew4=", "narHash": "sha256-66RHecx+zohbZwJVEPF7uuwHeqf8rykZTMCTqIrOew4=",
@ -657,25 +604,9 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": {
"locked": {
"lastModified": 1726871744,
"narHash": "sha256-V5LpfdHyQkUF7RfOaDPrZDP+oqz88lTJrMT1+stXNwo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "a1d92660c6b3b7c26fb883500a80ea9d33321be2",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"poetry2nix": { "poetry2nix": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_4", "flake-utils": "flake-utils_3",
"nix-github-actions": "nix-github-actions", "nix-github-actions": "nix-github-actions",
"nixpkgs": [ "nixpkgs": [
"nixhelm", "nixhelm",
@ -698,41 +629,16 @@
"type": "github" "type": "github"
} }
}, },
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat_2",
"gitignore": "gitignore",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1729104314,
"narHash": "sha256-pZRZsq5oCdJt3upZIU4aslS9XwFJ+/nVtALHIciX/BI=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "3c3e88f0f544d6bb54329832616af7eb971b6be6",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"blog-pim": "blog-pim", "blog-pim": "blog-pim",
"dns": "dns", "dns": "dns",
"flake-utils": "flake-utils_2", "flutils": "flutils",
"kubenix": "kubenix", "kubenix": "kubenix",
"nixhelm": "nixhelm", "nixhelm": "nixhelm",
"nixng": "nixng", "nixng": "nixng",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_2",
"pre-commit-hooks": "pre-commit-hooks", "servers": "servers"
"servers": "servers",
"treefmt-nix": "treefmt-nix_3"
} }
}, },
"servers": { "servers": {
@ -740,7 +646,7 @@
"deploy-rs": "deploy-rs", "deploy-rs": "deploy-rs",
"disko": "disko", "disko": "disko",
"dns": "dns_2", "dns": "dns_2",
"flake-utils": "flake-utils_6", "flake-utils": "flake-utils_5",
"kubenix": "kubenix_2", "kubenix": "kubenix_2",
"nix-snapshotter": "nix-snapshotter", "nix-snapshotter": "nix-snapshotter",
"nixng": "nixng_2", "nixng": "nixng_2",
@ -771,7 +677,7 @@
"servers", "servers",
"nixpkgs" "nixpkgs"
], ],
"nixpkgs-stable": "nixpkgs-stable_2" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1729775275, "lastModified": 1729775275,
@ -965,24 +871,6 @@
"type": "github" "type": "github"
} }
}, },
"treefmt-nix_3": {
"inputs": {
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1730120726,
"narHash": "sha256-LqHYIxMrl/1p3/kvm2ir925tZ8DkI0KA10djk8wecSk=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "9ef337e492a5555d8e17a51c911ff1f02635be15",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt_2": { "treefmt_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [

14
flake.nix
View file

@ -3,13 +3,7 @@
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
flake-utils.url = "github:numtide/flake-utils"; flutils.url = "github:numtide/flake-utils";
treefmt-nix.url = "github:numtide/treefmt-nix";
pre-commit-hooks = {
url = "github:cachix/git-hooks.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
nixhelm = { nixhelm = {
url = "github:farcaller/nixhelm"; url = "github:farcaller/nixhelm";
@ -21,7 +15,7 @@
url = "git+https://git.kun.is/home/blog-pim?rev=7296f7f5bf5f089a5137036dcbd8058cf3e4a9e5"; url = "git+https://git.kun.is/home/blog-pim?rev=7296f7f5bf5f089a5137036dcbd8058cf3e4a9e5";
inputs = { inputs = {
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
flutils.follows = "flake-utils"; flutils.follows = "flutils";
}; };
}; };
@ -46,11 +40,9 @@
}; };
}; };
outputs = inputs @ {flake-utils, ...}: outputs = inputs@{ flutils, ... }: flutils.lib.meld inputs [
flake-utils.lib.meld inputs [
./kubenix.nix ./kubenix.nix
./scripts ./scripts
./globals.nix ./globals.nix
./formatter.nix
]; ];
} }

27
formatter.nix
View file

@ -1,27 +0,0 @@
{
self,
nixpkgs,
treefmt-nix,
flake-utils,
pre-commit-hooks,
...
}:
flake-utils.lib.eachDefaultSystem (
system: let
pkgs = nixpkgs.legacyPackages.${system};
treefmtEval = treefmt-nix.lib.evalModule pkgs ./treefmt.nix;
treefmtWrapper = treefmtEval.config.build.wrapper;
in {
packages.formatter = treefmtWrapper;
formatter = self.packages.${system}.formatter;
checks.pre-commit-check = pre-commit-hooks.lib.${system}.run {
src = ./.;
hooks = {
treefmt = {
enable = true;
package = treefmtWrapper;
};
};
};
}
)

6
globals.nix
View file

@ -1,4 +1,5 @@
{servers, ...}: let { servers, ... }:
let
globals = { globals = {
images = { images = {
jellyfin = "jellyfin/jellyfin:10.10.0"; jellyfin = "jellyfin/jellyfin:10.10.0";
@ -33,6 +34,7 @@
minecraft = "itzg/minecraft-server:latest"; minecraft = "itzg/minecraft-server:latest";
}; };
}; };
in { in
{
globals = globals // servers.globals; globals = globals // servers.globals;
} }

12
images/attic.nix
View file

@ -1,17 +1,13 @@
{ { nixpkgs, nglib, ... }:
nixpkgs,
nglib,
...
}:
nglib.makeSystem { nglib.makeSystem {
inherit nixpkgs; inherit nixpkgs;
system = "x86_64-linux"; system = "x86_64-linux";
name = "nixng-attic"; name = "nixng-attic";
config = {...}: { config = { ... }: {
dumb-init = { dumb-init = {
enable = true; enable = true;
type.services = {}; type.services = { };
}; };
init.services.attic = { init.services.attic = {
@ -26,7 +22,7 @@ nglib.makeSystem {
# This is done because we quote the template for the toml file. # This is done because we quote the template for the toml file.
# See: https://github.com/helmfile/vals?tab=readme-ov-file#expression-syntax # See: https://github.com/helmfile/vals?tab=readme-ov-file#expression-syntax
# database.url = "ref+sops://secrets.yml#attic/databaseURL+"; # database.url = "ref+sops://secrets.yml#attic/databaseURL+";
database = {}; database = { };
storage = { storage = {
type = "local"; type = "local";

11
images/dnsmasq.nix
View file

@ -1,18 +1,13 @@
{ { globals, nixpkgs, nglib, ... }:
globals,
nixpkgs,
nglib,
...
}:
nglib.makeSystem { nglib.makeSystem {
inherit nixpkgs; inherit nixpkgs;
system = "x86_64-linux"; system = "x86_64-linux";
name = "nixng-dnsmasq"; name = "nixng-dnsmasq";
config = {...}: { config = { ... }: {
dumb-init = { dumb-init = {
enable = true; enable = true;
type.services = {}; type.services = { };
}; };
init.services.dnsmasq = { init.services.dnsmasq = {

57
kubenix.nix
View file

@ -1,13 +1,6 @@
inputs @ { inputs@{ self, servers, flutils, nixpkgs, kubenix, ... }: flutils.lib.eachDefaultSystem
self, (system:
servers, let
flake-utils,
nixpkgs,
kubenix,
...
}:
flake-utils.lib.eachDefaultSystem
(system: let
pkgs = nixpkgs.legacyPackages.${system}; pkgs = nixpkgs.legacyPackages.${system};
lib = pkgs.lib; lib = pkgs.lib;
deployScript = (pkgs.writeScriptBin "applyset-deploy.sh" (builtins.readFile ./applyset-deploy.sh)).overrideAttrs (old: { deployScript = (pkgs.writeScriptBin "applyset-deploy.sh" (builtins.readFile ./applyset-deploy.sh)).overrideAttrs (old: {
@ -16,8 +9,7 @@ flake-utils.lib.eachDefaultSystem
machines = servers.machines.${system}; machines = servers.machines.${system};
mkKubernetes = name: module: namespace: mkKubernetes = name: module: namespace: (kubenix.evalModules.${system} {
(kubenix.evalModules.${system} {
specialArgs = { specialArgs = {
inherit namespace system machines self; inherit namespace system machines self;
inherit (inputs) nixhelm blog-pim dns nixpkgs nixng; inherit (inputs) nixhelm blog-pim dns nixpkgs nixng;
@ -30,7 +22,8 @@ flake-utils.lib.eachDefaultSystem
}; };
}; };
module = {kubenix, ...}: { module = { kubenix, ... }:
{
imports = [ imports = [
kubenix.modules.k8s kubenix.modules.k8s
kubenix.modules.helm kubenix.modules.helm
@ -43,44 +36,34 @@ flake-utils.lib.eachDefaultSystem
kubernetes.namespace = namespace; kubernetes.namespace = namespace;
}; };
}; };
}) }).config.kubernetes;
.config
.kubernetes;
mkManifest = name: { mkManifest = name: { module, namespace }: {
module,
namespace,
}: {
name = "${name}-manifest"; name = "${name}-manifest";
value = (mkKubernetes name module namespace).result; value = (mkKubernetes name module namespace).result;
}; };
mkDeployApp = name: { mkDeployApp = name: { module, namespace }:
module, let
namespace,
}: let
kubernetes = mkKubernetes name module namespace; kubernetes = mkKubernetes name module namespace;
kubeconfig = kubernetes.kubeconfig or ""; kubeconfig = kubernetes.kubeconfig or "";
result = kubernetes.result or ""; result = kubernetes.result or "";
wrappedDeployScript = wrappedDeployScript = pkgs.symlinkJoin
pkgs.symlinkJoin
{ {
name = "applyset-deploy.sh"; name = "applyset-deploy.sh";
paths = [deployScript pkgs.vals pkgs.kubectl]; paths = [ deployScript pkgs.vals pkgs.kubectl ];
buildInputs = [pkgs.makeWrapper]; buildInputs = [ pkgs.makeWrapper ];
passthru.manifest = result; passthru.manifest = result;
meta.mainProgram = "applyset-deploy.sh"; meta.mainProgram = "applyset-deploy.sh";
postBuild = let postBuild =
let
# HACK: create normal way of checking if server runs k8s # HACK: create normal way of checking if server runs k8s
k8sMachines = lib.filterAttrs (n: m: m.kubernetesNodeLabels != null) machines; k8sMachines = lib.filterAttrs (n: m: m.kubernetesNodeLabels != null) machines;
k8sServerNames = builtins.concatStringsSep " " (builtins.attrNames k8sMachines); k8sServerNames = builtins.concatStringsSep " " (builtins.attrNames k8sMachines);
in in
/* /* bash */ ''
bash
*/
''
wrapProgram $out/bin/applyset-deploy.sh \ wrapProgram $out/bin/applyset-deploy.sh \
--suffix PATH : "$out/bin" \ --suffix PATH : "$out/bin" \
--run 'export KUBECONFIG=''${KUBECONFIG:-${toString kubeconfig}}' \ --run 'export KUBECONFIG=''${KUBECONFIG:-${toString kubeconfig}}' \
@ -92,12 +75,14 @@ flake-utils.lib.eachDefaultSystem
--set GCROOTDIR '/nix/var/nix/gcroots/kubernetes-manifests' --set GCROOTDIR '/nix/var/nix/gcroots/kubernetes-manifests'
''; '';
}; };
in { in
{
name = "${name}-deploy"; name = "${name}-deploy";
value = wrappedDeployScript; value = wrappedDeployScript;
}; };
deployments = import ./deployments.nix; deployments = import ./deployments.nix;
in { in
{
packages = pkgs.lib.mergeAttrs (pkgs.lib.mapAttrs' mkDeployApp deployments) (pkgs.lib.mapAttrs' mkManifest deployments); packages = pkgs.lib.mergeAttrs (pkgs.lib.mapAttrs' mkDeployApp deployments) (pkgs.lib.mapAttrs' mkManifest deployments);
}) })

21
modules/attic.nix
View file

@ -1,11 +1,4 @@
{ { self, utils, lib, config, globals, ... }: {
self,
utils,
lib,
config,
globals,
...
}: {
options.attic.enable = lib.mkEnableOption "attic"; options.attic.enable = lib.mkEnableOption "attic";
config = lib.mkIf config.attic.enable { config = lib.mkIf config.attic.enable {
@ -57,12 +50,10 @@
}; };
}; };
volumeMounts = [ volumeMounts = [{
{
name = "data"; name = "data";
mountPath = "/var/lib/atticd/storage"; mountPath = "/var/lib/atticd/storage";
} }];
];
}; };
volumes = { volumes = {
@ -107,12 +98,10 @@
}; };
}; };
volumeMounts = [ volumeMounts = [{
{
name = "data"; name = "data";
mountPath = "/pgdata"; mountPath = "/pgdata";
} }];
];
}; };
volumes.data.persistentVolumeClaim.claimName = "database"; volumes.data.persistentVolumeClaim.claimName = "database";

21
modules/atuin.nix
View file

@ -1,9 +1,4 @@
{ { config, globals, lib, ... }: {
config,
globals,
lib,
...
}: {
options.atuin.enable = lib.mkEnableOption "atuin"; options.atuin.enable = lib.mkEnableOption "atuin";
config = lib.mkIf config.atuin.enable { config = lib.mkIf config.atuin.enable {
@ -39,7 +34,7 @@
image = globals.images.atuin; image = globals.images.atuin;
imagePullPolicy = "IfNotPresent"; imagePullPolicy = "IfNotPresent";
ports.web.containerPort = 8888; ports.web.containerPort = 8888;
args = ["server" "start"]; args = [ "server" "start" ];
env = { env = {
ATUIN_HOST.value = "0.0.0.0"; ATUIN_HOST.value = "0.0.0.0";
@ -52,12 +47,10 @@
}; };
}; };
volumeMounts = [ volumeMounts = [{
{
name = "data"; name = "data";
mountPath = "/config"; mountPath = "/config";
} }];
];
}; };
database = { database = {
@ -74,12 +67,10 @@
}; };
}; };
volumeMounts = [ volumeMounts = [{
{
name = "database"; name = "database";
mountPath = "/var/lib/postgresql/data"; mountPath = "/var/lib/postgresql/data";
} }];
];
}; };
}; };
}; };

26
modules/bind9/default.nix
View file

@ -1,12 +1,8 @@
{ { config, lib, globals, dns, ... }:
config, let
lib,
globals,
dns,
...
}: let
kunisZone = dns.lib.toString "kun.is" (import ./kun.is.zone.nix globals dns); kunisZone = dns.lib.toString "kun.is" (import ./kun.is.zone.nix globals dns);
in { in
{
options.bind9.enable = lib.mkEnableOption "bind9"; options.bind9.enable = lib.mkEnableOption "bind9";
config = lib.mkIf config.bind9.enable { config = lib.mkIf config.bind9.enable {
@ -58,7 +54,7 @@ in {
containers = { containers = {
bind9-udp = { bind9-udp = {
image = globals.images.bind9; image = globals.images.bind9;
envFrom = [{configMapRef.name = "bind9-env";}]; envFrom = [{ configMapRef.name = "bind9-env"; }];
ports.dns-udp = { ports.dns-udp = {
containerPort = 53; containerPort = 53;
@ -81,7 +77,7 @@ in {
bind9-tcp = { bind9-tcp = {
image = globals.images.bind9; image = globals.images.bind9;
envFrom = [{configMapRef.name = "bind9-env";}]; envFrom = [{ configMapRef.name = "bind9-env"; }];
ports.dns-tcp = { ports.dns-tcp = {
containerPort = 53; containerPort = 53;
@ -103,12 +99,10 @@ in {
}; };
}; };
volumes = [ volumes = [{
{
name = "config"; name = "config";
configMap.name = "bind9-config"; configMap.name = "bind9-config";
} }];
];
}; };
}; };
}; };
@ -123,7 +117,7 @@ in {
spec = { spec = {
type = "LoadBalancer"; type = "LoadBalancer";
selector.app = "bind9"; selector.app = "bind9";
ipFamilies = ["IPv4" "IPv6"]; ipFamilies = [ "IPv4" "IPv6" ];
ipFamilyPolicy = "RequireDualStack"; ipFamilyPolicy = "RequireDualStack";
ports.dns = { ports.dns = {
@ -143,7 +137,7 @@ in {
spec = { spec = {
type = "LoadBalancer"; type = "LoadBalancer";
selector.app = "bind9"; selector.app = "bind9";
ipFamilies = ["IPv4" "IPv6"]; ipFamilies = [ "IPv4" "IPv6" ];
ipFamilyPolicy = "RequireDualStack"; ipFamilyPolicy = "RequireDualStack";
ports.dns = { ports.dns = {

21
modules/bind9/kun.is.zone.nix
View file

@ -1,5 +1,4 @@
globals: dns: globals: dns: with dns.lib.combinators; {
with dns.lib.combinators; {
CAA = letsEncrypt "caa@kun.is"; CAA = letsEncrypt "caa@kun.is";
SOA = { SOA = {
@ -18,36 +17,36 @@ with dns.lib.combinators; {
]; ];
TXT = [ TXT = [
(with spf; soft ["include:spf.glasnet.nl"]) (with spf; soft [ "include:spf.glasnet.nl" ])
]; ];
subdomains = rec { subdomains = rec {
"*".A = [globals.routerPublicIPv4]; "*".A = [ globals.routerPublicIPv4 ];
ns = { ns = {
A = [globals.routerPublicIPv4]; A = [ globals.routerPublicIPv4 ];
AAAA = []; AAAA = [ ];
}; };
ns1 = ns; ns1 = ns;
ns2 = ns; ns2 = ns;
wg = { wg = {
A = [globals.routerPublicIPv4]; A = [ globals.routerPublicIPv4 ];
AAAA = []; AAAA = [ ];
}; };
#for SMTP2GO to be able send emails from kun.is domain #for SMTP2GO to be able send emails from kun.is domain
em670271 = { em670271 = {
CNAME = ["return.smtp2go.net."]; CNAME = [ "return.smtp2go.net." ];
}; };
"s670271._domainkey" = { "s670271._domainkey" = {
CNAME = ["dkim.smtp2go.net."]; CNAME = [ "dkim.smtp2go.net." ];
}; };
link = { link = {
CNAME = ["track.smtp2go.net."]; CNAME = [ "track.smtp2go.net." ];
}; };
}; };
} }

7
modules/blog.nix
View file

@ -1,9 +1,4 @@
{ { blog-pim, lib, config, ... }: {
blog-pim,
lib,
config,
...
}: {
options.blog.enable = lib.mkEnableOption "blog"; options.blog.enable = lib.mkEnableOption "blog";
config = lib.mkIf config.blog.enable { config = lib.mkIf config.blog.enable {

59
modules/bootstrap-default.nix
View file

@ -1,12 +1,4 @@
{ { config, lib, nixhelm, system, globals, machines, ... }: {
config,
lib,
nixhelm,
system,
globals,
machines,
...
}: {
options.bootstrap-default.enable = lib.mkEnableOption "bootstrap-default"; options.bootstrap-default.enable = lib.mkEnableOption "bootstrap-default";
config = lib.mkIf config.bootstrap-default.enable { config = lib.mkIf config.bootstrap-default.enable {
@ -44,28 +36,29 @@
services.longhorn-frontend.spec.loadBalancerIP = globals.longhornIPv4; services.longhorn-frontend.spec.loadBalancerIP = globals.longhornIPv4;
namespaces = { namespaces = {
static-websites = {}; static-websites = { };
freshrss = {}; freshrss = { };
radicale = {}; radicale = { };
kms = {}; kms = { };
atuin = {}; atuin = { };
nextcloud = {}; nextcloud = { };
hedgedoc = {}; hedgedoc = { };
kitchenowl = {}; kitchenowl = { };
forgejo = {}; forgejo = { };
paperless = {}; paperless = { };
syncthing = {}; syncthing = { };
immich = {}; immich = { };
attic = {}; attic = { };
inbucket = {}; inbucket = { };
dns = {}; dns = { };
media = {}; media = { };
minecraft = {}; minecraft = { };
tailscale = {}; tailscale = { };
ntfy = {}; ntfy = { };
}; };
nodes = let nodes =
let
machinesWithKubernetesLabels = lib.filterAttrs (name: machine: machine.kubernetesNodeLabels != null) machines; machinesWithKubernetesLabels = lib.filterAttrs (name: machine: machine.kubernetesNodeLabels != null) machines;
in in
builtins.mapAttrs builtins.mapAttrs
@ -81,13 +74,13 @@
concurrency = 1; concurrency = 1;
}; };
ipAddressPools.main.spec.addresses = ["192.168.30.128-192.168.30.200" "2a0d:6e00:1a77:30::2-2a0d:6e00:1a77:30:ffff:ffff:ffff:fffe"]; ipAddressPools.main.spec.addresses = [ "192.168.30.128-192.168.30.200" "2a0d:6e00:1a77:30::2-2a0d:6e00:1a77:30:ffff:ffff:ffff:fffe" ];
l2Advertisements.main.metadata = {}; l2Advertisements.main.metadata = { };
persistentVolumes = { persistentVolumes = {
music-syncthing.spec = { music-syncthing.spec = {
capacity.storage = "1Gi"; capacity.storage = "1Gi";
accessModes = ["ReadWriteMany"]; accessModes = [ "ReadWriteMany" ];
nfs = { nfs = {
server = "lewis.dmz"; server = "lewis.dmz";
@ -97,7 +90,7 @@
media-media.spec = { media-media.spec = {
capacity.storage = "1Gi"; capacity.storage = "1Gi";
accessModes = ["ReadWriteMany"]; accessModes = [ "ReadWriteMany" ];
nfs = { nfs = {
server = "lewis.dmz"; server = "lewis.dmz";

16
modules/bootstrap-kube-system/default.nix
View file

@ -1,10 +1,4 @@
{ { config, lib, nixhelm, system, ... }: {
config,
lib,
nixhelm,
system,
...
}: {
options.bootstrap-kube-system.enable = lib.mkEnableOption "bootstrap-kube-system"; options.bootstrap-kube-system.enable = lib.mkEnableOption "bootstrap-kube-system";
config = lib.mkIf config.bootstrap-kube-system.enable { config = lib.mkIf config.bootstrap-kube-system.enable {
@ -35,12 +29,10 @@
server = "https://acme-v02.api.letsencrypt.org/directory"; server = "https://acme-v02.api.letsencrypt.org/directory";
email = "pim@kunis.nl"; email = "pim@kunis.nl";
privateKeySecretRef.name = "letsencrypt-private-key"; privateKeySecretRef.name = "letsencrypt-private-key";
solvers = [ solvers = [{
{ selector = { };
selector = {};
http01.ingress.class = "traefik"; http01.ingress.class = "traefik";
} }];
];
}; };
}; };
}; };

7
modules/cyberchef.nix
View file

@ -1,9 +1,4 @@
{ { config, lib, globals, ... }: {
config,
lib,
globals,
...
}: {
options.cyberchef.enable = lib.mkEnableOption "cyberchef"; options.cyberchef.enable = lib.mkEnableOption "cyberchef";
config = lib.mkIf config.cyberchef.enable { config = lib.mkIf config.cyberchef.enable {

9
modules/dnsmasq.nix
View file

@ -1,11 +1,4 @@
{ { self, utils, globals, config, lib, ... }: {
self,
utils,
globals,
config,
lib,
...
}: {
options.dnsmasq.enable = lib.mkEnableOption "dnsmasq"; options.dnsmasq.enable = lib.mkEnableOption "dnsmasq";
config = lib.mkIf config.dnsmasq.enable { config = lib.mkIf config.dnsmasq.enable {

9
modules/forgejo/default.nix
View file

@ -1,14 +1,9 @@
{ { lib, config, globals, ... }: {
lib,
config,
globals,
...
}: {
options.forgejo.enable = lib.mkEnableOption "forgejo"; options.forgejo.enable = lib.mkEnableOption "forgejo";
config = lib.mkIf config.forgejo.enable { config = lib.mkIf config.forgejo.enable {
kubernetes.resources = { kubernetes.resources = {
secrets.forgejo.stringData.config = lib.generators.toINI {} (import ./config.nix); secrets.forgejo.stringData.config = lib.generators.toINI { } (import ./config.nix);
deployments.server.spec = { deployments.server.spec = {
selector.matchLabels.app = "forgejo"; selector.matchLabels.app = "forgejo";

13
modules/freshrss.nix
View file

@ -1,9 +1,4 @@
{ { config, lib, globals, ... }: {
config,
lib,
globals,
...
}: {
options.freshrss.enable = lib.mkEnableOption "freshrss"; options.freshrss.enable = lib.mkEnableOption "freshrss";
config = lib.mkIf config.freshrss.enable { config = lib.mkIf config.freshrss.enable {
@ -48,12 +43,10 @@
}; };
}; };
volumeMounts = [ volumeMounts = [{
{
name = "data"; name = "data";
mountPath = "/var/www/FreshRSS/data"; mountPath = "/var/www/FreshRSS/data";
} }];
];
}; };
volumes.data.persistentVolumeClaim.claimName = "data"; volumes.data.persistentVolumeClaim.claimName = "data";

15
modules/hedgedoc.nix
View file

@ -1,14 +1,9 @@
{ { config, lib, globals, ... }: {
config,
lib,
globals,
...
}: {
options.hedgedoc.enable = lib.mkEnableOption "hedgedoc"; options.hedgedoc.enable = lib.mkEnableOption "hedgedoc";
config = lib.mkIf config.hedgedoc.enable { config = lib.mkIf config.hedgedoc.enable {
kubernetes.resources = { kubernetes.resources = {
configMaps.hedgedoc-config.data.config = lib.generators.toJSON {} { configMaps.hedgedoc-config.data.config = lib.generators.toJSON { } {
useSSL = false; useSSL = false;
}; };
@ -111,12 +106,10 @@
}; };
}; };
volumeMounts = [ volumeMounts = [{
{
name = "database"; name = "database";
mountPath = "/pgdata"; mountPath = "/pgdata";
} }];
];
}; };
volumes.database.persistentVolumeClaim.claimName = "database"; volumes.database.persistentVolumeClaim.claimName = "database";

31
modules/immich.nix
View file

@ -1,9 +1,4 @@
{ { globals, config, lib, ... }: {
globals,
config,
lib,
...
}: {
options.immich.enable = lib.mkEnableOption "immich"; options.immich.enable = lib.mkEnableOption "immich";
config = lib.mkIf config.immich.enable { config = lib.mkIf config.immich.enable {
@ -56,12 +51,10 @@
}; };
}; };
volumeMounts = [ volumeMounts = [{
{
name = "data"; name = "data";
mountPath = "/usr/src/app/upload"; mountPath = "/usr/src/app/upload";
} }];
];
}; };
}; };
}; };
@ -97,12 +90,10 @@
ports.ml.containerPort = 3003; ports.ml.containerPort = 3003;
env.MACHINE_LEARNING_WORKER_TIMEOUT.value = "600"; env.MACHINE_LEARNING_WORKER_TIMEOUT.value = "600";
volumeMounts = [ volumeMounts = [{
{
name = "cache"; name = "cache";
mountPath = "/cache"; mountPath = "/cache";
} }];
];
}; };
}; };
}; };
@ -166,8 +157,8 @@
containers.postgres = { containers.postgres = {
image = globals.images.immich-postgres; image = globals.images.immich-postgres;
imagePullPolicy = "IfNotPresent"; imagePullPolicy = "IfNotPresent";
command = ["postgres"]; command = [ "postgres" ];
args = ["-c" "shared_preload_libraries=vectors.so" "-c" "search_path=\"$$user\", public, vectors" "-c" "logging_collector=on" "-c" "max_wal_size=2GB" "-c" "shared_buffers=512MB" "-c" "wal_compression=on"]; args = [ "-c" "shared_preload_libraries=vectors.so" "-c" "search_path=\"$$user\", public, vectors" "-c" "logging_collector=on" "-c" "max_wal_size=2GB" "-c" "shared_buffers=512MB" "-c" "wal_compression=on" ];
ports.postgres.containerPort = 5432; ports.postgres.containerPort = 5432;
securityContext.runAsUser = 999; securityContext.runAsUser = 999;
securityContext.runAsGroup = 999; securityContext.runAsGroup = 999;
@ -184,12 +175,10 @@
}; };
}; };
volumeMounts = [ volumeMounts = [{
{
name = "data"; name = "data";
mountPath = "/pgdata"; mountPath = "/pgdata";
} }];
];
}; };
}; };
}; };
@ -250,7 +239,7 @@
}; };
persistentVolumeClaims.cache.spec = { persistentVolumeClaims.cache.spec = {
accessModes = ["ReadWriteOnce"]; accessModes = [ "ReadWriteOnce" ];
resources.requests.storage = "5Gi"; resources.requests.storage = "5Gi";
}; };
}; };

9
modules/inbucket.nix
View file

@ -1,14 +1,9 @@
{ { globals, config, lib, ... }: {
globals,
config,
lib,
...
}: {
options.inbucket.enable = lib.mkEnableOption "inbucket"; options.inbucket.enable = lib.mkEnableOption "inbucket";
config = lib.mkIf config.inbucket.enable { config = lib.mkIf config.inbucket.enable {
kubernetes.resources = { kubernetes.resources = {
serviceAccounts.inbucket = {}; serviceAccounts.inbucket = { };
deployments.inbucket.spec = { deployments.inbucket.spec = {
selector.matchLabels.app = "inbucket"; selector.matchLabels.app = "inbucket";

37
modules/ingress.nix
View file

@ -1,9 +1,6 @@
{ { lib, config, ... }:
lib, let
config, ingressOpts = { name, ... }: {
...
}: let
ingressOpts = {name, ...}: {
options = { options = {
host = lib.mkOption { host = lib.mkOption {
type = lib.types.str; type = lib.types.str;
@ -25,17 +22,17 @@
}; };
}; };
}; };
in { in
{
options = { options = {
lab.ingresses = lib.mkOption { lab.ingresses = lib.mkOption {
type = with lib.types; attrsOf (submodule ingressOpts); type = with lib.types; attrsOf (submodule ingressOpts);
default = {}; default = { };
}; };
}; };
config = { config = {
kubernetes.resources.ingresses = kubernetes.resources.ingresses = builtins.mapAttrs
builtins.mapAttrs
(name: ingress: { (name: ingress: {
metadata.annotations = { metadata.annotations = {
"cert-manager.io/cluster-issuer" = "letsencrypt"; "cert-manager.io/cluster-issuer" = "letsencrypt";
@ -45,12 +42,10 @@ in {
spec = { spec = {
ingressClassName = "traefik"; ingressClassName = "traefik";
rules = [ rules = [{
{
host = ingress.host; host = ingress.host;
http.paths = [ http.paths = [{
{
path = "/"; path = "/";
pathType = "Prefix"; pathType = "Prefix";
@ -58,17 +53,13 @@ in {
name = ingress.service.name; name = ingress.service.name;
port.name = ingress.service.portName; port.name = ingress.service.portName;
}; };
} }];
]; }];
}
];
tls = [ tls = [{
{
secretName = "${name}-tls"; secretName = "${name}-tls";
hosts = [ingress.host]; hosts = [ ingress.host ];
} }];
];
}; };
}) })
config.lab.ingresses; config.lab.ingresses;

13
modules/kitchenowl.nix
View file

@ -1,9 +1,4 @@
{ { lib, globals, config, ... }: {
lib,
globals,
config,
...
}: {
options.kitchenowl.enable = lib.mkEnableOption "kitchenowl"; options.kitchenowl.enable = lib.mkEnableOption "kitchenowl";
config = lib.mkIf config.kitchenowl.enable { config = lib.mkIf config.kitchenowl.enable {
@ -38,12 +33,10 @@
key = "jwtSecretKey"; key = "jwtSecretKey";
}; };
volumeMounts = [ volumeMounts = [{
{
name = "data"; name = "data";
mountPath = "/data"; mountPath = "/data";
} }];
];
}; };
securityContext = { securityContext = {

7
modules/kms.nix
View file

@ -1,9 +1,4 @@
{ { config, globals, lib, ... }: {
config,
globals,
lib,
...
}: {
options.kms.enable = lib.mkEnableOption "kms"; options.kms.enable = lib.mkEnableOption "kms";
config = lib.mkIf config.kms.enable { config = lib.mkIf config.kms.enable {

48
modules/longhorn-volume.nix
View file

@ -1,9 +1,6 @@
{ { lib, config, ... }:
lib, let
config, longhornVolumeOpts = { name, ... }: {
...
}: let
longhornVolumeOpts = {name, ...}: {
options = { options = {
storage = lib.mkOption { storage = lib.mkOption {
type = lib.types.str; type = lib.types.str;
@ -16,7 +13,7 @@
}; };
}; };
longhornPVOpts = {name, ...}: { longhornPVOpts = { name, ... }: {
options = { options = {
storage = lib.mkOption { storage = lib.mkOption {
type = lib.types.str; type = lib.types.str;
@ -24,7 +21,7 @@
}; };
}; };
longhornPVCOpts = {name, ...}: { longhornPVCOpts = { name, ... }: {
options = { options = {
volumeName = lib.mkOption { volumeName = lib.mkOption {
type = lib.types.str; type = lib.types.str;
@ -37,34 +34,34 @@
}; };
}; };
}; };
in { in
{
options = { options = {
lab.longhornVolumes = lib.mkOption { lab.longhornVolumes = lib.mkOption {
type = with lib.types; attrsOf (submodule longhornVolumeOpts); type = with lib.types; attrsOf (submodule longhornVolumeOpts);
default = {}; default = { };
}; };
lab.longhorn = { lab.longhorn = {
persistentVolume = lib.mkOption { persistentVolume = lib.mkOption {
type = with lib.types; attrsOf (submodule longhornPVOpts); type = with lib.types; attrsOf (submodule longhornPVOpts);
default = {}; default = { };
}; };
persistentVolumeClaim = lib.mkOption { persistentVolumeClaim = lib.mkOption {
type = with lib.types; attrsOf (submodule longhornPVCOpts); type = with lib.types; attrsOf (submodule longhornPVCOpts);
default = {}; default = { };
}; };
}; };
}; };
config = { config = {
kubernetes.resources = { kubernetes.resources = {
persistentVolumes = persistentVolumes = lib.mergeAttrs
lib.mergeAttrs
(builtins.mapAttrs (builtins.mapAttrs
(name: longhornVolume: { (name: longhornVolume: {
spec = { spec = {
accessModes = ["ReadWriteOnce"]; accessModes = [ "ReadWriteOnce" ];
capacity.storage = longhornVolume.storage; capacity.storage = longhornVolume.storage;
persistentVolumeReclaimPolicy = "Delete"; persistentVolumeReclaimPolicy = "Delete";
volumeMode = "Filesystem"; volumeMode = "Filesystem";
@ -87,12 +84,10 @@ in {
staleReplicaTimeout = "30"; staleReplicaTimeout = "30";
unmapMarkSnapChainRemoved = "ignored"; unmapMarkSnapChainRemoved = "ignored";
recurringJobSelector = lib.generators.toYAML {} [ recurringJobSelector = lib.generators.toYAML { } [{
{
name = "backup-nfs"; name = "backup-nfs";
isGroup = false; isGroup = false;
} }];
];
}; };
}; };
}; };
@ -101,7 +96,7 @@ in {
(builtins.mapAttrs (builtins.mapAttrs
(name: longhornPV: { (name: longhornPV: {
spec = { spec = {
accessModes = ["ReadWriteOnce"]; accessModes = [ "ReadWriteOnce" ];
capacity.storage = longhornPV.storage; capacity.storage = longhornPV.storage;
persistentVolumeReclaimPolicy = "Delete"; persistentVolumeReclaimPolicy = "Delete";
volumeMode = "Filesystem"; volumeMode = "Filesystem";
@ -119,24 +114,21 @@ in {
staleReplicaTimeout = "30"; staleReplicaTimeout = "30";
unmapMarkSnapChainRemoved = "ignored"; unmapMarkSnapChainRemoved = "ignored";
recurringJobSelector = lib.generators.toYAML {} [ recurringJobSelector = lib.generators.toYAML { } [{
{
name = "backup-nfs"; name = "backup-nfs";
isGroup = false; isGroup = false;
} }];
];
}; };
}; };
}; };
}) })
config.lab.longhorn.persistentVolume); config.lab.longhorn.persistentVolume);
persistentVolumeClaims = persistentVolumeClaims = lib.mergeAttrs
lib.mergeAttrs
(builtins.mapAttrs (builtins.mapAttrs
(name: longhornVolume: { (name: longhornVolume: {
spec = { spec = {
accessModes = ["ReadWriteOnce"]; accessModes = [ "ReadWriteOnce" ];
resources.requests.storage = longhornVolume.storage; resources.requests.storage = longhornVolume.storage;
storageClassName = ""; storageClassName = "";
}; };
@ -145,7 +137,7 @@ in {
(builtins.mapAttrs (builtins.mapAttrs
(name: longhornPVC: { (name: longhornPVC: {
spec = { spec = {
accessModes = ["ReadWriteOnce"]; accessModes = [ "ReadWriteOnce" ];
resources.requests.storage = longhornPVC.storage; resources.requests.storage = longhornPVC.storage;
storageClassName = ""; storageClassName = "";
volumeName = longhornPVC.volumeName; volumeName = longhornPVC.volumeName;

37
modules/media.nix
View file

@ -1,9 +1,4 @@
{ { globals, config, lib, ... }: {
globals,
config,
lib,
...
}: {
options.media.enable = lib.mkEnableOption "media"; options.media.enable = lib.mkEnableOption "media";
config = lib.mkIf config.media.enable { config = lib.mkIf config.media.enable {
@ -69,17 +64,13 @@
fsGroupChangePolicy = "OnRootMismatch"; fsGroupChangePolicy = "OnRootMismatch";
}; };
affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms = [ affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms = [{
{ matchExpressions = [{
matchExpressions = [
{
key = "hasMedia"; key = "hasMedia";
operator = "In"; operator = "In";
values = ["true"]; values = [ "true" ];
} }];
]; }];
}
];
}; };
}; };
}; };
@ -176,12 +167,10 @@
TZ.value = "Europe/Amsterdam"; TZ.value = "Europe/Amsterdam";
}; };
volumeMounts = [ volumeMounts = [{
{
name = "config"; name = "config";
mountPath = "/app/config"; mountPath = "/app/config";
} }];
];
}; };
securityContext = { securityContext = {
@ -285,12 +274,10 @@
TZ.value = "Europe/Amsterdam"; TZ.value = "Europe/Amsterdam";
}; };
volumeMounts = [ volumeMounts = [{
{
name = "config"; name = "config";
mountPath = "/config"; mountPath = "/config";
} }];
];
}; };
securityContext = { securityContext = {
@ -531,12 +518,12 @@
persistentVolumeClaims = { persistentVolumeClaims = {
jellyfin-cache.spec = { jellyfin-cache.spec = {
accessModes = ["ReadWriteOnce"]; accessModes = [ "ReadWriteOnce" ];
resources.requests.storage = "20Gi"; resources.requests.storage = "20Gi";
}; };
media.spec = { media.spec = {
accessModes = ["ReadWriteMany"]; accessModes = [ "ReadWriteMany" ];
storageClassName = ""; storageClassName = "";
resources.requests.storage = "1Mi"; resources.requests.storage = "1Mi";
volumeName = "media-media"; volumeName = "media-media";

13
modules/minecraft.nix
View file

@ -1,9 +1,4 @@
{ { lib, config, globals, ... }: {
lib,
config,
globals,
...
}: {
options.minecraft.enable = lib.mkEnableOption "minecraft"; options.minecraft.enable = lib.mkEnableOption "minecraft";
config = lib.mkIf config.minecraft.enable { config = lib.mkIf config.minecraft.enable {
@ -23,12 +18,10 @@
env.EULA.value = "TRUE"; env.EULA.value = "TRUE";
volumeMounts = [ volumeMounts = [{
{
name = "data"; name = "data";
mountPath = "/data"; mountPath = "/data";
} }];
];
}; };
securityContext = { securityContext = {

33
modules/nextcloud.nix
View file

@ -1,9 +1,4 @@
{ { lib, config, globals, ... }: {
lib,
config,
globals,
...
}: {
options.nextcloud.enable = lib.mkEnableOption "nextcloud"; options.nextcloud.enable = lib.mkEnableOption "nextcloud";
config = lib.mkIf config.nextcloud.enable { config = lib.mkIf config.nextcloud.enable {
@ -50,12 +45,10 @@
}; };
}; };
volumeMounts = [ volumeMounts = [{
{
name = "data"; name = "data";
mountPath = "/var/www/html"; mountPath = "/var/www/html";
} }];
];
}; };
securityContext = { securityContext = {
@ -63,18 +56,14 @@
fsGroupChangePolicy = "OnRootMismatch"; fsGroupChangePolicy = "OnRootMismatch";
}; };
affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution = [ affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution = [{
{
weight = 1; weight = 1;
preference.matchExpressions = [ preference.matchExpressions = [{
{
key = "storageType"; key = "storageType";
operator = "In"; operator = "In";
values = ["fast"]; values = [ "fast" ];
} }];
]; }];
}
];
}; };
}; };
}; };
@ -108,12 +97,10 @@
}; };
}; };
volumeMounts = [ volumeMounts = [{
{
name = "database"; name = "database";
mountPath = "/pgdata"; mountPath = "/pgdata";
} }];
];
}; };
volumes.database.persistentVolumeClaim.claimName = "database"; volumes.database.persistentVolumeClaim.claimName = "database";

15
modules/ntfy.nix
View file

@ -1,14 +1,9 @@
{ { lib, config, globals, ... }: {
lib,
config,
globals,
...
}: {
options.ntfy.enable = lib.mkEnableOption "ntfy"; options.ntfy.enable = lib.mkEnableOption "ntfy";
config = lib.mkIf config.ntfy.enable { config = lib.mkIf config.ntfy.enable {
kubernetes.resources = { kubernetes.resources = {
configMaps.ntfy.data.config = lib.generators.toYAML {} { configMaps.ntfy.data.config = lib.generators.toYAML { } {
base-url = "https://ntfy.kun.is"; base-url = "https://ntfy.kun.is";
cache-file = "/var/cache/ntfy/cache.db"; cache-file = "/var/cache/ntfy/cache.db";
cache-duration = "14d"; cache-duration = "14d";
@ -40,7 +35,7 @@
image = globals.images.ntfy; image = globals.images.ntfy;
ports.web.containerPort = 80; ports.web.containerPort = 80;
env.TZ.value = "Europe/Amsterdam"; env.TZ.value = "Europe/Amsterdam";
args = ["serve"]; args = [ "serve" ];
volumeMounts = [ volumeMounts = [
{ {
@ -75,12 +70,12 @@
persistentVolumeClaims = { persistentVolumeClaims = {
cache.spec = { cache.spec = {
accessModes = ["ReadWriteOnce"]; accessModes = [ "ReadWriteOnce" ];
resources.requests.storage = "300Mi"; resources.requests.storage = "300Mi";
}; };
attachment-cache.spec = { attachment-cache.spec = {
accessModes = ["ReadWriteOnce"]; accessModes = [ "ReadWriteOnce" ];
resources.requests.storage = "500Mi"; resources.requests.storage = "500Mi";
}; };
}; };

25
modules/paperless.nix
View file

@ -1,9 +1,4 @@
{ { globals, lib, config, ... }: {
globals,
lib,
config,
...
}: {
options.paperless.enable = lib.mkEnableOption "paperless"; options.paperless.enable = lib.mkEnableOption "paperless";
config = lib.mkIf config.paperless.enable { config = lib.mkIf config.paperless.enable {
@ -69,12 +64,10 @@
}; };
}; };
volumeMounts = [ volumeMounts = [{
{
name = "data"; name = "data";
mountPath = "/data"; mountPath = "/data";
} }];
];
}; };
securityContext = { securityContext = {
@ -114,12 +107,10 @@
ports.redis.containerPort = 6379; ports.redis.containerPort = 6379;
imagePullPolicy = "IfNotPresent"; imagePullPolicy = "IfNotPresent";
volumeMounts = [ volumeMounts = [{
{
name = "data"; name = "data";
mountPath = "/data"; mountPath = "/data";
} }];
];
}; };
securityContext = { securityContext = {
@ -168,12 +159,10 @@
}; };
}; };
volumeMounts = [ volumeMounts = [{
{
name = "data"; name = "data";
mountPath = "/pgdata"; mountPath = "/pgdata";
} }];
];
}; };
volumes.data.persistentVolumeClaim.claimName = "database"; volumes.data.persistentVolumeClaim.claimName = "database";

7
modules/pihole.nix
View file

@ -1,9 +1,4 @@
{ { globals, config, lib, ... }: {
globals,
config,
lib,
...
}: {
options.pihole.enable = lib.mkEnableOption "pihole"; options.pihole.enable = lib.mkEnableOption "pihole";
config = lib.mkIf config.pihole.enable { config = lib.mkIf config.pihole.enable {

13
modules/radicale.nix
View file

@ -1,9 +1,4 @@
{ { config, lib, globals, ... }: {
config,
lib,
globals,
...
}: {
options.radicale.enable = lib.mkEnableOption "radicale"; options.radicale.enable = lib.mkEnableOption "radicale";
config = lib.mkIf config.radicale.enable { config = lib.mkIf config.radicale.enable {
@ -11,7 +6,7 @@
configMaps.server.data = { configMaps.server.data = {
users = "pim:$apr1$GUiTihkS$dDCkaUxFx/O86m6NCy/yQ."; users = "pim:$apr1$GUiTihkS$dDCkaUxFx/O86m6NCy/yQ.";
config = lib.generators.toINI {} { config = lib.generators.toINI { } {
server = { server = {
hosts = "0.0.0.0:5232, [::]:5232"; hosts = "0.0.0.0:5232, [::]:5232";
ssl = false; ssl = false;
@ -36,8 +31,8 @@
filesystem_folder = "/data"; filesystem_folder = "/data";
}; };
logging = {}; logging = { };
headers = {}; headers = { };
}; };
}; };

11
modules/syncthing.nix
View file

@ -1,14 +1,9 @@
{ { globals, config, lib, ... }: {
globals,
config,
lib,
...
}: {
options.syncthing.enable = lib.mkEnableOption "syncthing"; options.syncthing.enable = lib.mkEnableOption "syncthing";
config = lib.mkIf config.syncthing.enable { config = lib.mkIf config.syncthing.enable {
kubernetes.resources = { kubernetes.resources = {
serviceAccounts.syncthing = {}; serviceAccounts.syncthing = { };
deployments.syncthing.spec = { deployments.syncthing.spec = {
selector.matchLabels.app = "syncthing"; selector.matchLabels.app = "syncthing";
@ -76,7 +71,7 @@
}; };
persistentVolumeClaims.music.spec = { persistentVolumeClaims.music.spec = {
accessModes = ["ReadWriteMany"]; accessModes = [ "ReadWriteMany" ];
storageClassName = ""; storageClassName = "";
resources.requests.storage = "1Mi"; resources.requests.storage = "1Mi";
volumeName = "music-syncthing"; volumeName = "music-syncthing";

45
modules/tailscale-ingress.nix
View file

@ -1,16 +1,12 @@
{ { lib, config, ... }: {
lib,
config,
...
}: {
options = with lib.types; { options = with lib.types; {
lab.tailscaleIngresses = lib.mkOption { lab.tailscaleIngresses = lib.mkOption {
type = attrsOf (submodule { type = attrsOf (submodule {
options = { options = {
host = lib.mkOption {type = str;}; host = lib.mkOption { type = str; };
service = { service = {
name = lib.mkOption {type = str;}; name = lib.mkOption { type = str; };
portName = lib.mkOption { portName = lib.mkOption {
type = str; type = str;
@ -20,24 +16,20 @@
}; };
}); });
default = {}; default = { };
}; };
}; };
config = let config =
let
cfg = config.lab.tailscaleIngresses; cfg = config.lab.tailscaleIngresses;
mkTailscaleIngress = name: { mkTailscaleIngress = name: { host, service }: {
host,
service,
}: {
spec = { spec = {
ingressClassName = "tailscale"; ingressClassName = "tailscale";
rules = [ rules = [{
{ http.paths = [{
http.paths = [
{
path = "/"; path = "/";
pathType = "Prefix"; pathType = "Prefix";
@ -45,19 +37,16 @@
name = service.name; name = service.name;
port.name = service.portName; port.name = service.portName;
}; };
} }];
]; }];
}
];
tls = [ tls = [{
hosts = [ host ];
}];
};
};
in
{ {
hosts = [host];
}
];
};
};
in {
kubernetes.resources.ingresses = builtins.mapAttrs mkTailscaleIngress cfg; kubernetes.resources.ingresses = builtins.mapAttrs mkTailscaleIngress cfg;
}; };
} }

8
modules/tailscale.nix
View file

@ -1,10 +1,4 @@
{ { nixhelm, system, config, lib, ... }: {
nixhelm,
system,
config,
lib,
...
}: {
options.tailscale.enable = lib.mkEnableOption "tailscale"; options.tailscale.enable = lib.mkEnableOption "tailscale";
config = lib.mkIf config.tailscale.enable { config = lib.mkIf config.tailscale.enable {

11
modules/traefik.nix
View file

@ -1,9 +1,4 @@
{ { lib, globals, config, ... }: {
lib,
globals,
config,
...
}: {
options.traefik.enable = lib.mkEnableOption "traefik"; options.traefik.enable = lib.mkEnableOption "traefik";
config = lib.mkIf config.traefik.enable { config = lib.mkIf config.traefik.enable {
@ -13,7 +8,7 @@
# Override Traefik's service with a static load balancer IP. # Override Traefik's service with a static load balancer IP.
# Create endpoint for HTTPS on port 444. # Create endpoint for HTTPS on port 444.
# Allow external name services for servers in LAN. # Allow external name services for servers in LAN.
spec.valuesContent = lib.generators.toYAML {} { spec.valuesContent = lib.generators.toYAML { } {
providers.kubernetesIngress.allowExternalNameServices = true; providers.kubernetesIngress.allowExternalNameServices = true;
service.loadBalancerIP = globals.traefikIPv4; service.loadBalancerIP = globals.traefikIPv4;
@ -28,7 +23,7 @@
enabled = true; enabled = true;
options = ""; options = "";
certResolver = ""; certResolver = "";
domains = []; domains = [ ];
}; };
}; };

26
scripts/default.nix
View file

@ -1,31 +1,23 @@
{ { nixpkgs, flutils, ... }: flutils.lib.eachDefaultSystem (system:
nixpkgs, let
flake-utils,
...
}:
flake-utils.lib.eachDefaultSystem (system: let
pkgs = nixpkgs.legacyPackages.${system}; pkgs = nixpkgs.legacyPackages.${system};
createScript = { createScript = { name, runtimeInputs, scriptPath, extraWrapperFlags ? "", ... }:
name, let
runtimeInputs,
scriptPath,
extraWrapperFlags ? "",
...
}: let
script = (pkgs.writeScriptBin name (builtins.readFile scriptPath)).overrideAttrs (old: { script = (pkgs.writeScriptBin name (builtins.readFile scriptPath)).overrideAttrs (old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out"; buildCommand = "${old.buildCommand}\n patchShebangs $out";
}); });
in in
pkgs.symlinkJoin { pkgs.symlinkJoin {
inherit name; inherit name;
paths = [script] ++ runtimeInputs; paths = [ script ] ++ runtimeInputs;
buildInputs = [pkgs.makeWrapper]; buildInputs = [ pkgs.makeWrapper ];
postBuild = "wrapProgram $out/bin/${name} --set PATH $out/bin ${extraWrapperFlags}"; postBuild = "wrapProgram $out/bin/${name} --set PATH $out/bin ${extraWrapperFlags}";
}; };
in { in
{
packages.gen-k3s-cert = createScript { packages.gen-k3s-cert = createScript {
name = "create-k3s-cert"; name = "create-k3s-cert";
runtimeInputs = with pkgs; [openssl coreutils openssh yq]; runtimeInputs = with pkgs; [ openssl coreutils openssh yq ];
scriptPath = ./gen-k3s-cert.sh; scriptPath = ./gen-k3s-cert.sh;
}; };
}) })

4
treefmt.nix
View file

@ -1,4 +0,0 @@
{...}: {
projectRootFile = "flake.nix";
programs.alejandra.enable = true;
}

21
utils.nix
View file

@ -1,21 +1,10 @@
{ { pkgs, nixpkgs, nixng, globals, ... }: {
pkgs, mkNixNGImage = name: file:
nixpkgs, let
nixng, stream = (import file {
globals,
...
}: {
mkNixNGImage = name: file: let
stream =
(import file {
inherit nixpkgs nixng globals; inherit nixpkgs nixng globals;
inherit (nixng) nglib; inherit (nixng) nglib;
}) }).config.system.build.ociImage.stream;
.config
.system
.build
.ociImage
.stream;
in in
pkgs.stdenv.mkDerivation { pkgs.stdenv.mkDerivation {
name = "${name}.tar"; name = "${name}.tar";