feat(pihole): Move to separate k8s namespace

Pim Kunis 2024-07-16 15:46:13 +02:00
parent c8ddbb6aeb
commit 2853429dc4
6 changed files with 59 additions and 49 deletions


@ -64,6 +64,7 @@ Currently, the applications being deployed like this are:
- `forgejo`
- `paperless-ngx`
- `syncthing`
- `pihole`
## Known bugs


@ -88,4 +88,6 @@
"${self}/kubenix-modules/paperless.nix" "paperless" "paperless";
kubenix.syncthing = mkDeployScriptAndManifest
"${self}/kubenix-modules/syncthing.nix" "syncthing" "syncthing";
kubenix.pihole = mkDeployScriptAndManifest
"${self}/kubenix-modules/pihole.nix" "pihole" "pihole";
})


@ -1,7 +1,6 @@
let
applications = [
./inbucket.nix
./pihole.nix
./media.nix
./bind9
./dnsmasq.nix


@ -72,6 +72,7 @@
forgejo = { };
paperless = { };
syncthing = { };
pihole = { };
};
nodes =


@ -1,68 +1,63 @@
{ myLib, ... }: {
kubernetes.resources = {
configMaps.pihole.data = {
TZ = "Europe/Amsterdam";
PIHOLE_DNS_ = "192.168.30.1";
};
secrets.pihole.stringData.webPassword = "ref+sops://secrets/kubernetes.yaml#/pihole/password";
deployments.pihole = {
metadata.labels.app = "pihole";
deployments.pihole.spec = {
selector.matchLabels.app = "pihole";
spec = {
selector.matchLabels.app = "pihole";
template = {
metadata.labels.app = "pihole";
template = {
metadata.labels.app = "pihole";
spec = {
containers.pihole = {
image = "pihole/pihole:latest";
spec = {
containers.pihole = {
image = "pihole/pihole:latest";
envFrom = [{ configMapRef.name = "pihole"; }];
env = {
TZ.value = "Europe/Amsterdam";
PIHOLE_DNS_.value = "192.168.30.1";
ports = {
web.containerPort = 80;
dns = {
containerPort = 53;
protocol = "UDP";
};
};
env.WEBPASSWORD.valueFrom.secretKeyRef = {
WEBPASSWORD.valueFrom.secretKeyRef = {
name = "pihole";
key = "webPassword";
};
volumeMounts = [
{
name = "data";
mountPath = "/etc/pihole";
}
{
name = "dnsmasq";
mountPath = "/etc/dnsmasq.d";
}
];
};
volumes = {
data.persistentVolumeClaim.claimName = "pihole-data";
dnsmasq.persistentVolumeClaim.claimName = "pihole-dnsmasq";
ports = {
web.containerPort = 80;
dns = {
containerPort = 53;
protocol = "UDP";
};
};
securityContext = {
fsGroup = 1000;
fsGroupChangePolicy = "OnRootMismatch";
};
volumeMounts = [
{
name = "data";
mountPath = "/etc/pihole";
}
{
name = "dnsmasq";
mountPath = "/etc/dnsmasq.d";
}
];
};
volumes = {
data.persistentVolumeClaim.claimName = "data";
dnsmasq.persistentVolumeClaim.claimName = "dnsmasq";
};
securityContext = {
fsGroup = 1000;
fsGroupChangePolicy = "OnRootMismatch";
};
};
};
};
services = {
pihole-web.spec = {
web.spec = {
selector.app = "pihole";
ports.web = {
@ -71,7 +66,7 @@
};
};
pihole-dns.spec = {
dns.spec = {
type = "LoadBalancer";
loadBalancerIP = myLib.globals.piholeIPv4;
selector.app = "pihole";
@ -91,9 +86,21 @@
entrypoint = "localsecure";
service = {
name = "pihole-web";
name = "web";
portName = "web";
};
};
longhorn.persistentVolumeClaim = {
data = {
volumeName = "pihole-data";
storage = "750Mi";
};
dnsmasq = {
volumeName = "pihole-dnsmasq";
storage = "16Mi";
};
};
};
}
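Review bot: The rewritten deployment still references the container as `image = "pihole/pihole:latest";`, a mutable tag, so any pod restart or reschedule can pull whatever upstream has published since, without a reviewed change in this repository. The line appears twice in this rendering, which looks like the old and new sides of the same setting, so the move to a separate namespace carries it over unchanged. Since this pod is the network's DNS resolver and receives the web password secret, pin the image to a reviewed release and digest, for example `image = "pihole/pihole:<PINNED_TAG>@sha256:<DIGEST>";` (placeholders, to be filled from the release you have verified). A one-line comment above it such as `# pinned; bump deliberately after reading the upstream changelog` would record the intent for later updates.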


@ -25,8 +25,6 @@
lab = {
longhornVolumes = {
minecraft.storage = "1Gi";
pihole-data.storage = "750Mi";
pihole-dnsmasq.storage = "16Mi";
jellyfin.storage = "5Gi";
transmission.storage = "25Mi";
jellyseerr.storage = "75Mi";
@ -55,6 +53,8 @@
paperless-redisdata.storage = "20Mi";
paperless-db.storage = "150Mi";
syncthing.storage = "400Mi";
pihole-data.storage = "750Mi";
pihole-dnsmasq.storage = "16Mi";
};
nfsVolumes = {