From 2853429dc4f6af26f487207b26d720043308e4c1 Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Tue, 16 Jul 2024 15:46:13 +0200
Subject: [PATCH] feat(pihole): Move to separate k8s namespace
---
 README.md | 1 +
 flake-parts/kubenix.nix | 2 +
 kubenix-modules/all.nix | 1 -
 kubenix-modules/base.nix | 1 +
 kubenix-modules/pihole.nix | 99 ++++++++++++++++++++-----------------
 kubenix-modules/volumes.nix | 4 +-
 6 files changed, 59 insertions(+), 49 deletions(-)
diff --git a/README.md b/README.md
index 9254a9e..cddc9e6 100644
--- a/README.md
+++ b/README.md
@@ -64,6 +64,7 @@ Currently, the applications being deployed like this are:
 - `forgejo`
 - `paperless-ngx`
 - `syncthing`
+- `pihole`
 ## Known bugs
diff --git a/flake-parts/kubenix.nix b/flake-parts/kubenix.nix
index 79af1d6..e844af8 100644
--- a/flake-parts/kubenix.nix
+++ b/flake-parts/kubenix.nix
@@ -88,4 +88,6 @@
 "${self}/kubenix-modules/paperless.nix" "paperless" "paperless";
 kubenix.syncthing = mkDeployScriptAndManifest
 "${self}/kubenix-modules/syncthing.nix" "syncthing" "syncthing";
+ kubenix.pihole = mkDeployScriptAndManifest
+ "${self}/kubenix-modules/pihole.nix" "pihole" "pihole";
 })
diff --git a/kubenix-modules/all.nix b/kubenix-modules/all.nix
index fc671de..716cbd7 100644
--- a/kubenix-modules/all.nix
+++ b/kubenix-modules/all.nix
@@ -1,7 +1,6 @@
 let
 applications = [
 ./inbucket.nix
- ./pihole.nix
 ./media.nix
 ./bind9
 ./dnsmasq.nix
diff --git a/kubenix-modules/base.nix b/kubenix-modules/base.nix
index 3d281da..f226da6 100644
--- a/kubenix-modules/base.nix
+++ b/kubenix-modules/base.nix
@@ -72,6 +72,7 @@
 forgejo = { };
 paperless = { };
 syncthing = { };
+ pihole = { };
 };
 nodes =
diff --git a/kubenix-modules/pihole.nix b/kubenix-modules/pihole.nix
index 3a61246..52f4ec7 100644
--- a/kubenix-modules/pihole.nix
+++ b/kubenix-modules/pihole.nix
@@ -1,68 +1,63 @@
 { myLib, ... }: {
 kubernetes.resources = {
- configMaps.pihole.data = {
- TZ = "Europe/Amsterdam";
- PIHOLE_DNS_ = "192.168.30.1";
- };
- secrets.pihole.stringData.webPassword = "ref+sops://secrets/kubernetes.yaml#/pihole/password";
- deployments.pihole = {
- metadata.labels.app = "pihole";
+ deployments.pihole.spec = {
+ selector.matchLabels.app = "pihole";
- spec = {
- selector.matchLabels.app = "pihole";
+ template = {
+ metadata.labels.app = "pihole";
- template = {
- metadata.labels.app = "pihole";
+ spec = {
+ containers.pihole = {
+ image = "pihole/pihole:latest";
- spec = {
- containers.pihole = {
- image = "pihole/pihole:latest";
- envFrom = [{ configMapRef.name = "pihole"; }];
+ env = {
+ TZ.value = "Europe/Amsterdam";
+ PIHOLE_DNS_.value = "192.168.30.1";
- ports = {
- web.containerPort = 80;
-
- dns = {
- containerPort = 53;
- protocol = "UDP";
- };
- };
-
- env.WEBPASSWORD.valueFrom.secretKeyRef = {
+ WEBPASSWORD.valueFrom.secretKeyRef = {
 name = "pihole";
 key = "webPassword";
 };
-
- volumeMounts = [
- {
- name = "data";
- mountPath = "/etc/pihole";
- }
- {
- name = "dnsmasq";
- mountPath = "/etc/dnsmasq.d";
- }
- ];
 };
- volumes = {
- data.persistentVolumeClaim.claimName = "pihole-data";
- dnsmasq.persistentVolumeClaim.claimName = "pihole-dnsmasq";
+ ports = {
+ web.containerPort = 80;
+
+ dns = {
+ containerPort = 53;
+ protocol = "UDP";
+ };
 };
- securityContext = {
- fsGroup = 1000;
- fsGroupChangePolicy = "OnRootMismatch";
- };
+ volumeMounts = [
+ {
+ name = "data";
+ mountPath = "/etc/pihole";
+ }
+ {
+ name = "dnsmasq";
+ mountPath = "/etc/dnsmasq.d";
+ }
+ ];
+ };
+
+ volumes = {
+ data.persistentVolumeClaim.claimName = "data";
+ dnsmasq.persistentVolumeClaim.claimName = "dnsmasq";
+ };
+
+ securityContext = {
+ fsGroup = 1000;
+ fsGroupChangePolicy = "OnRootMismatch";
 };
 };
 };
 };
 services = {
- pihole-web.spec = {
+ web.spec = {
 selector.app = "pihole";
 ports.web = {
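Review bot: The container still reads its password through `WEBPASSWORD.valueFrom.secretKeyRef = { name = "pihole"; key = "webPassword"; }`, but this hunk deletes the `secrets.pihole.stringData.webPassword = "ref+sops://…"` resource that used to provide that Secret and adds nothing that recreates it in the new namespace, so unless another module not shown here (base.nix or the mkDeployScriptAndManifest wrapper, presumably) creates a `pihole` Secret there, the pod cannot start. If the Secret belongs in this module, re-add it next to `deployments.pihole.spec` as `secrets.pihole.stringData.webPassword = "ref+sops://secrets/kubernetes.yaml#/pihole/password";`; if it is created elsewhere, a one-line comment above the `WEBPASSWORD` entry naming where would save the next reader the hunt. The `image = "pihole/pihole:latest";` line is carried over unchanged, but a move to a dedicated namespace is a natural moment to pin a tag or digest so the LAN's DNS resolver does not change version on every pod restart. The `services` attrset this hunk ends in continues in the next hunk.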
@@ -71,7 +66,7 @@
 };
 };
- pihole-dns.spec = {
+ dns.spec = {
 type = "LoadBalancer";
 loadBalancerIP = myLib.globals.piholeIPv4;
 selector.app = "pihole";
@@ -91,9 +86,21 @@
 entrypoint = "localsecure";
 service = {
- name = "pihole-web";
+ name = "web";
 portName = "web";
 };
 };
+
+ longhorn.persistentVolumeClaim = {
+ data = {
+ volumeName = "pihole-data";
+ storage = "750Mi";
+ };
+
+ dnsmasq = {
+ volumeName = "pihole-dnsmasq";
+ storage = "16Mi";
+ };
+ };
 };
 }
diff --git a/kubenix-modules/volumes.nix b/kubenix-modules/volumes.nix
index 5431a25..9ee626d 100644
--- a/kubenix-modules/volumes.nix
+++ b/kubenix-modules/volumes.nix
@@ -25,8 +25,6 @@
 lab = {
 longhornVolumes = {
 minecraft.storage = "1Gi";
- pihole-data.storage = "750Mi";
- pihole-dnsmasq.storage = "16Mi";
 jellyfin.storage = "5Gi";
 transmission.storage = "25Mi";
 jellyseerr.storage = "75Mi";
@@ -55,6 +53,8 @@
 paperless-redisdata.storage = "20Mi";
 paperless-db.storage = "150Mi";
 syncthing.storage = "400Mi";
+ pihole-data.storage = "750Mi";
+ pihole-dnsmasq.storage = "16Mi";
 };
 nfsVolumes = {
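Review bot: The sizes added under `longhorn.persistentVolumeClaim` (`data.storage = "750Mi"`, `dnsmasq.storage = "16Mi"`) duplicate the `pihole-data.storage = "750Mi"` and `pihole-dnsmasq.storage = "16Mi"` entries that the volumes.nix hunks below only relocate, so the same number now lives in two files with nothing tying them together. If they drift apart, the PVC request and the backing Longhorn volume size no longer agree, which presumably leaves the claim unbound rather than failing loudly at evaluation time. If one can be derived from the other, reference it; otherwise a comment such as `# sizes must match pihole-data / pihole-dnsmasq in volumes.nix` above `longhorn.persistentVolumeClaim` at least makes the coupling visible. The enclosing `kubernetes.resources` attrset starts in the previous hunk.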