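# Kubernetes cluster definition evaluated through kubenix.
#
# Two outputs are produced per system:
#   - `kubenix`: the base modules plus every application module;
#   - `kubenix-bootstrap`: the base modules only (presumably used to bring up
#     a fresh cluster before the application modules are applied).
# Both evaluations share the same `specialArgs` and base module list, which are
# factored out in the `let` below so they cannot drift apart.
{ self, flake-utils, kubenix, nixhelm, ... }: flake-utils.lib.eachDefaultSystem
  (system:
    let
      # Extra arguments passed to every imported module.
      specialArgs = {
        flake = self;
        inherit nixhelm system;
      };

      # Modules every evaluation needs: kubenix's own k8s and helm modules plus
      # this repository's base configuration. Takes the module-level `kubenix`
      # argument (not the flake input) because the modules are read from it.
      baseModules = kubenix: [
        kubenix.modules.k8s
        kubenix.modules.helm
        ./base.nix
      ];
    in
    {
      kubenix = kubenix.packages.${system}.default.override {
        inherit specialArgs;

        module = { kubenix, ... }: {
          imports = baseModules kubenix ++ [
            ./freshrss.nix
            ./cyberchef.nix
            ./kms.nix
            ./inbucket.nix
            ./radicale.nix
            ./syncthing.nix
            ./nextcloud.nix
            ./pihole.nix
            ./hedgedoc.nix
            ./paperless-ngx.nix
            ./kitchenowl.nix
            ./forgejo.nix
            ./media.nix
            ./bind9.nix
            ./dnsmasq.nix
          ];

          kubernetes = {
            customTypes = {
              # HACK: These are dummy custom types.
              # This is needed, because the CRDs imported as a chart are not available as Nix modules.
              # There is no nix-based validation on resources defined using these types!
              # See: https://github.com/hall/kubenix/issues/34
              ipAddressPool = {
                attrName = "ipAddressPools";
                group = "metallb.io";
                version = "v1beta1";
                kind = "IPAddressPool";
              };

              l2Advertisement = {
                attrName = "l2Advertisements";
                group = "metallb.io";
                version = "v1beta1";
                kind = "L2Advertisement";
              };

              helmChartConfig = {
                attrName = "helmChartConfigs";
                group = "helm.cattle.io";
                version = "v1";
                kind = "HelmChartConfig";
              };

              clusterIssuer = {
                attrName = "clusterIssuers";
                group = "cert-manager.io";
                version = "v1";
                kind = "ClusterIssuer";
              };
            };

            # TODO: These resources should probably exist within the kube-system namespace.
            resources = {
              # MetalLB address pool. Traefik's static loadBalancerIP below is the
              # first address of this range, so the two must be kept in sync.
              ipAddressPools.main.spec.addresses = [ "192.168.30.128-192.168.30.200" ];

              # No spec is given, so (as far as MetalLB's defaults go) this
              # advertisement covers every pool — here only `main`.
              l2Advertisements.main.metadata = { };

              # NOTE: The name of each helmChartConfig must match the relevant chart name!
              # Override Traefik's service with a static load balancer IP.
              helmChartConfigs = {
                traefik = {
                  metadata.namespace = "kube-system";

                  # Besides the static IP this adds a second TLS entrypoint
                  # (`localsecure`, container port 8444 exposed as 444) and turns on
                  # `allowExternalNameServices`. Traefik leaves the latter off by
                  # default because an ExternalName service lets anyone who can
                  # create Services route ingress traffic to arbitrary hostnames;
                  # it is needed here only for the `esrom` service below, so
                  # Service-creation rights in this cluster should stay restricted.
                  spec.valuesContent = ''
                    service:
                      spec:
                        loadBalancerIP: "192.168.30.128"
                    ports:
                      localsecure:
                        port: 8444
                        expose: true
                        exposedPort: 444
                        protocol: TCP
                        tls:
                          enabled: true
                          options: ""
                          certResolver: ""
                          domains: []
                    providers:
                      kubernetesIngress:
                        allowExternalNameServices: true
                  '';
                };
              };

              # ACME issuer referenced by ingresses through the
              # `cert-manager.io/cluster-issuer` annotation. The account key is
              # stored in the named secret inside kube-system.
              clusterIssuers.letsencrypt = {
                metadata.namespace = "kube-system";

                spec.acme = {
                  server = "https://acme-v02.api.letsencrypt.org/directory";
                  email = "pim@kunis.nl";
                  privateKeySecretRef.name = "letsencrypt-private-key";

                  solvers = [{
                    selector = { };
                    http01.ingress.class = "traefik";
                  }];
                };
              };

              # Expose a host that lives outside the cluster through Traefik.
              # TLS terminates at Traefik; the hop to esrom.dmz is plain HTTP on
              # port 80, so that path relies on the DMZ network being trusted.
              services.esrom.spec = {
                type = "ExternalName";
                externalName = "esrom.dmz";

                ports = [{
                  port = 80;
                  targetPort = 80;
                }];
              };

              ingresses.esrom = {
                metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt";

                spec = {
                  ingressClassName = "traefik";

                  rules = [{
                    host = "esrom.kun.is";

                    http.paths = [{
                      path = "/";
                      pathType = "Prefix";

                      backend.service = {
                        name = "esrom";
                        port.number = 80;
                      };
                    }];
                  }];

                  tls = [{
                    secretName = "esrom-tls";
                    hosts = [ "esrom.kun.is" ];
                  }];
                };
              };
            };
          };
        };
      };

      # Same evaluation with only the base modules; shares specialArgs with
      # `kubenix` above.
      kubenix-bootstrap = kubenix.packages.${system}.default.override {
        inherit specialArgs;

        module = { kubenix, ... }: {
          imports = baseModules kubenix;
        };
      };
    })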