feat(pihole): Move to separate k8s namespace

This commit is contained in:
Pim Kunis 2024-07-16 15:46:13 +02:00
parent c8ddbb6aeb
commit 2853429dc4
6 changed files with 59 additions and 49 deletions

View file

@ -64,6 +64,7 @@ Currently, the applications being deployed like this are:
- `forgejo` - `forgejo`
- `paperless-ngx` - `paperless-ngx`
- `syncthing` - `syncthing`
- `pihole`
## Known bugs ## Known bugs

View file

@ -88,4 +88,6 @@
"${self}/kubenix-modules/paperless.nix" "paperless" "paperless"; "${self}/kubenix-modules/paperless.nix" "paperless" "paperless";
kubenix.syncthing = mkDeployScriptAndManifest kubenix.syncthing = mkDeployScriptAndManifest
"${self}/kubenix-modules/syncthing.nix" "syncthing" "syncthing"; "${self}/kubenix-modules/syncthing.nix" "syncthing" "syncthing";
kubenix.pihole = mkDeployScriptAndManifest
"${self}/kubenix-modules/pihole.nix" "pihole" "pihole";
}) })

View file

@ -1,7 +1,6 @@
let let
applications = [ applications = [
./inbucket.nix ./inbucket.nix
./pihole.nix
./media.nix ./media.nix
./bind9 ./bind9
./dnsmasq.nix ./dnsmasq.nix

View file

@ -72,6 +72,7 @@
forgejo = { }; forgejo = { };
paperless = { }; paperless = { };
syncthing = { }; syncthing = { };
pihole = { };
}; };
nodes = nodes =

View file

@ -1,16 +1,8 @@
{ myLib, ... }: { { myLib, ... }: {
kubernetes.resources = { kubernetes.resources = {
configMaps.pihole.data = {
TZ = "Europe/Amsterdam";
PIHOLE_DNS_ = "192.168.30.1";
};
secrets.pihole.stringData.webPassword = "ref+sops://secrets/kubernetes.yaml#/pihole/password"; secrets.pihole.stringData.webPassword = "ref+sops://secrets/kubernetes.yaml#/pihole/password";
deployments.pihole = { deployments.pihole.spec = {
metadata.labels.app = "pihole";
spec = {
selector.matchLabels.app = "pihole"; selector.matchLabels.app = "pihole";
template = { template = {
@ -19,7 +11,16 @@
spec = { spec = {
containers.pihole = { containers.pihole = {
image = "pihole/pihole:latest"; image = "pihole/pihole:latest";
envFrom = [{ configMapRef.name = "pihole"; }];
env = {
TZ.value = "Europe/Amsterdam";
PIHOLE_DNS_.value = "192.168.30.1";
WEBPASSWORD.valueFrom.secretKeyRef = {
name = "pihole";
key = "webPassword";
};
};
ports = { ports = {
web.containerPort = 80; web.containerPort = 80;
@ -30,11 +31,6 @@
}; };
}; };
env.WEBPASSWORD.valueFrom.secretKeyRef = {
name = "pihole";
key = "webPassword";
};
volumeMounts = [ volumeMounts = [
{ {
name = "data"; name = "data";
@ -48,8 +44,8 @@
}; };
volumes = { volumes = {
data.persistentVolumeClaim.claimName = "pihole-data"; data.persistentVolumeClaim.claimName = "data";
dnsmasq.persistentVolumeClaim.claimName = "pihole-dnsmasq"; dnsmasq.persistentVolumeClaim.claimName = "dnsmasq";
}; };
securityContext = { securityContext = {
@ -59,10 +55,9 @@
}; };
}; };
}; };
};
services = { services = {
pihole-web.spec = { web.spec = {
selector.app = "pihole"; selector.app = "pihole";
ports.web = { ports.web = {
@ -71,7 +66,7 @@
}; };
}; };
pihole-dns.spec = { dns.spec = {
type = "LoadBalancer"; type = "LoadBalancer";
loadBalancerIP = myLib.globals.piholeIPv4; loadBalancerIP = myLib.globals.piholeIPv4;
selector.app = "pihole"; selector.app = "pihole";
@ -91,9 +86,21 @@
entrypoint = "localsecure"; entrypoint = "localsecure";
service = { service = {
name = "pihole-web"; name = "web";
portName = "web"; portName = "web";
}; };
}; };
longhorn.persistentVolumeClaim = {
data = {
volumeName = "pihole-data";
storage = "750Mi";
};
dnsmasq = {
volumeName = "pihole-dnsmasq";
storage = "16Mi";
};
};
}; };
} }

View file

@ -25,8 +25,6 @@
lab = { lab = {
longhornVolumes = { longhornVolumes = {
minecraft.storage = "1Gi"; minecraft.storage = "1Gi";
pihole-data.storage = "750Mi";
pihole-dnsmasq.storage = "16Mi";
jellyfin.storage = "5Gi"; jellyfin.storage = "5Gi";
transmission.storage = "25Mi"; transmission.storage = "25Mi";
jellyseerr.storage = "75Mi"; jellyseerr.storage = "75Mi";
@ -55,6 +53,8 @@
paperless-redisdata.storage = "20Mi"; paperless-redisdata.storage = "20Mi";
paperless-db.storage = "150Mi"; paperless-db.storage = "150Mi";
syncthing.storage = "400Mi"; syncthing.storage = "400Mi";
pihole-data.storage = "750Mi";
pihole-dnsmasq.storage = "16Mi";
}; };
nfsVolumes = { nfsVolumes = {