feat(pihole): Move to separate k8s namespace

README.md

@@ -64,6 +64,7 @@ Currently, the applications being deployed like this are:
 - `forgejo`
 - `paperless-ngx`
 - `syncthing`
+- `pihole`
 
 ## Known bugs
 

flake-parts/kubenix.nix

@@ -88,4 +88,6 @@
       "${self}/kubenix-modules/paperless.nix" "paperless" "paperless";
     kubenix.syncthing = mkDeployScriptAndManifest
       "${self}/kubenix-modules/syncthing.nix" "syncthing" "syncthing";
+    kubenix.pihole = mkDeployScriptAndManifest
+      "${self}/kubenix-modules/pihole.nix" "pihole" "pihole";
   })

kubenix-modules/all.nix

@@ -1,7 +1,6 @@
 let
   applications = [
     ./inbucket.nix
-    ./pihole.nix
     ./media.nix
     ./bind9
     ./dnsmasq.nix

kubenix-modules/base.nix

@@ -72,6 +72,7 @@
           forgejo = { };
           paperless = { };
           syncthing = { };
+          pihole = { };
         };
 
         nodes =

kubenix-modules/pihole.nix

@@ -1,16 +1,8 @@
 { myLib, ... }: {
   kubernetes.resources = {
-    configMaps.pihole.data = {
-      TZ = "Europe/Amsterdam";
-      PIHOLE_DNS_ = "192.168.30.1";
-    };
-
     secrets.pihole.stringData.webPassword = "ref+sops://secrets/kubernetes.yaml#/pihole/password";
 
-    deployments.pihole = {
-      metadata.labels.app = "pihole";
-
-      spec = {
+    deployments.pihole.spec = {
       selector.matchLabels.app = "pihole";
 
       template = {
@@ -19,7 +11,16 @@
         spec = {
           containers.pihole = {
             image = "pihole/pihole:latest";
-              envFrom = [{ configMapRef.name = "pihole"; }];
+
+            env = {
+              TZ.value = "Europe/Amsterdam";
+              PIHOLE_DNS_.value = "192.168.30.1";
+
+              WEBPASSWORD.valueFrom.secretKeyRef = {
+                name = "pihole";
+                key = "webPassword";
+              };
+            };
 
             ports = {
               web.containerPort = 80;
@@ -30,11 +31,6 @@
               };
             };
 
-              env.WEBPASSWORD.valueFrom.secretKeyRef = {
-                name = "pihole";
-                key = "webPassword";
-              };
-
             volumeMounts = [
               {
                 name = "data";
@@ -48,8 +44,8 @@
           };
 
           volumes = {
-              data.persistentVolumeClaim.claimName = "pihole-data";
-              dnsmasq.persistentVolumeClaim.claimName = "pihole-dnsmasq";
+            data.persistentVolumeClaim.claimName = "data";
+            dnsmasq.persistentVolumeClaim.claimName = "dnsmasq";
           };
 
           securityContext = {
@@ -59,10 +55,9 @@
         };
       };
     };
-    };
 
     services = {
-      pihole-web.spec = {
+      web.spec = {
         selector.app = "pihole";
 
         ports.web = {
@@ -71,7 +66,7 @@
         };
       };
 
-      pihole-dns.spec = {
+      dns.spec = {
         type = "LoadBalancer";
         loadBalancerIP = myLib.globals.piholeIPv4;
         selector.app = "pihole";
@@ -91,9 +86,21 @@
       entrypoint = "localsecure";
 
       service = {
-        name = "pihole-web";
+        name = "web";
         portName = "web";
       };
     };
+
+    longhorn.persistentVolumeClaim = {
+      data = {
+        volumeName = "pihole-data";
+        storage = "750Mi";
+      };
+
+      dnsmasq = {
+        volumeName = "pihole-dnsmasq";
+        storage = "16Mi";
+      };
+    };
   };
 }

kubenix-modules/volumes.nix

@@ -25,8 +25,6 @@
   lab = {
     longhornVolumes = {
       minecraft.storage = "1Gi";
-      pihole-data.storage = "750Mi";
-      pihole-dnsmasq.storage = "16Mi";
       jellyfin.storage = "5Gi";
       transmission.storage = "25Mi";
       jellyseerr.storage = "75Mi";
@@ -55,6 +53,8 @@
       paperless-redisdata.storage = "20Mi";
       paperless-db.storage = "150Mi";
       syncthing.storage = "400Mi";
+      pihole-data.storage = "750Mi";
+      pihole-dnsmasq.storage = "16Mi";
     };
 
     nfsVolumes = {