diff --git a/docker_swarm/playbooks/stacks.yml b/docker_swarm/playbooks/stacks.yml
index dd8c2d0..f0c73b2 100644
--- a/docker_swarm/playbooks/stacks.yml
+++ b/docker_swarm/playbooks/stacks.yml
@@ -6,7 +6,6 @@
 - {role: forgejo, tags: forgejo}
 - {role: radicale, tags: radicale}
 - {role: hedgedoc, tags: hedgedoc}
- - {role: inbucket, tags: inbucket}
 - {role: swarm_dashboard, tags: swarm_dashboard}
 - {role: pihole, tags: pihole}
 - {role: nextcloud, tags: nextcloud}
diff --git a/docker_swarm/roles/traefik/docker-stack.yml.j2 b/docker_swarm/roles/traefik/docker-stack.yml.j2
index af985fa..bffa3ed 100644
--- a/docker_swarm/roles/traefik/docker-stack.yml.j2
+++ b/docker_swarm/roles/traefik/docker-stack.yml.j2
@@ -66,6 +66,12 @@ services:
 - traefik.http.routers.freshrss.rule=Host(`rss.kun.is`)
 - traefik.http.routers.freshrss.tls=true
 - traefik.http.routers.freshrss.tls.certresolver=letsencrypt
+
+ - traefik.http.routers.inbucket.entrypoints=localsecure
+ - traefik.http.routers.inbucket.service=k3s@file
+ - traefik.http.routers.inbucket.rule=Host(`inbucket.kun.is`)
+ - traefik.http.routers.inbucket.tls=true
+ - traefik.http.routers.inbucket.tls.certresolver=letsencrypt
 volumes:
 - type: bind
 source: /var/run/docker.sock
diff --git a/nix/flake/kubenix/default.nix b/nix/flake/kubenix/default.nix
index 9d74871..beb8058 100644
--- a/nix/flake/kubenix/default.nix
+++ b/nix/flake/kubenix/default.nix
@@ -10,6 +10,7 @@
 ./freshrss.nix
 ./cyberchef.nix
 ./kms.nix
+ ./inbucket.nix
 ];
 kubernetes.kubeconfig = "~/.kube/config";
 kubenix.project = "home";
diff --git a/nix/flake/kubenix/freshrss.nix b/nix/flake/kubenix/freshrss.nix
index 648121c..8de2b9c 100644
--- a/nix/flake/kubenix/freshrss.nix
+++ b/nix/flake/kubenix/freshrss.nix
@@ -7,6 +7,7 @@
 PUBLISHED_PORT = "443";
 };
+ # TODO: encrypt this with sops and commit to git repo.
 secrets.freshrss.stringData.adminPassword = "ref+file:///home/pim/.config/home/vals.yaml";
 deployments.freshrss = {
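Review bot: The new TODO in freshrss.nix names the goal but not the present state, which is that the admin password is read from a plaintext file under one user's home directory (`/home/pim/.config/home/vals.yaml`), so the manifest can only be built on that machine; saying so in the comment, e.g. `# TODO: plaintext and machine-local for now; encrypt with sops and commit to the git repo.`, makes the gap visible. Separately, if this string is resolved by vals, the reference on the next line has no `#/key` fragment, which would make the whole file content the password rather than one value from it; that is worth confirming. The enclosing attribute set starts and ends outside the hunk.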
diff --git a/nix/flake/kubenix/inbucket.nix b/nix/flake/kubenix/inbucket.nix
new file mode 100644
index 0000000..8ed67bf
--- /dev/null
+++ b/nix/flake/kubenix/inbucket.nix
@@ -0,0 +1,74 @@
+{
+ kubernetes.resources = {
+ deployments.inbucket = {
+ metadata.labels.app = "inbucket";
+
+ spec = {
+ selector.matchLabels.app = "inbucket";
+
+ template = {
+ metadata.labels.app = "inbucket";
+
+ spec = {
+ containers.inbucket = {
+ image = "inbucket/inbucket:edge";
+
+ # TODO: investigate the use of named ports.
+ ports = [
+ {
+ containerPort = 9000;
+ protocol = "TCP";
+ }
+ {
+ containerPort = 2500;
+ protocol = "TCP";
+ }
+ ];
+ };
+ };
+ };
+ };
+ };
+
+ services = {
+ inbucket-web.spec = {
+ selector.app = "inbucket";
+
+ ports = [{
+ protocol = "TCP";
+ port = 80;
+ targetPort = 9000;
+ }];
+ };
+
+ inbucket-email.spec = {
+ type = "LoadBalancer";
+ loadBalancerIP = "192.168.30.130";
+ selector.app = "inbucket";
+
+ ports = [{
+ port = 25;
+ targetPort = 2500;
+ }];
+ };
+ };
+
+ ingresses.inbucket.spec = {
+ ingressClassName = "traefik";
+
+ rules = [{
+ host = "inbucket.kun.is";
+
+ http.paths = [{
+ path = "/";
+ pathType = "Prefix";
+
+ backend.service = {
+ name = "inbucket-web";
+ port.number = 80;
+ };
+ }];
+ }];
+ };
+ };
+}
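Review bot: `image = "inbucket/inbucket:edge";` tracks a mutable development tag, so any pod restart can pull different, unreviewed code into the cluster; pin a release tag together with its digest, e.g. `image = "inbucket/inbucket:<release-tag>@sha256:<digest>";` (placeholders, the page does not name a version). The container also has no `securityContext` or `resources`; since it only listens on the unprivileged ports 9000 and 2500, `securityContext.allowPrivilegeEscalation = false;` and `securityContext.capabilities.drop = [ "ALL" ];` look safe to add, though that should be confirmed against the image. Inbucket accepts mail without authentication and, as far as I know, its web UI has no login, so the `LoadBalancer` on 192.168.30.130:25 and the `inbucket.kun.is` ingress should remain reachable only from trusted networks. A comment stating that constraint next to `inbucket-email.spec` would keep a later change from widening the exposure unnoticed.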