expose cyberchef deployment on k3s publicly

remove geokunis2.nl zone
Pim Kunis 2024-03-21 23:21:25 +01:00
parent 1662a60688
commit 476ec250ca
7 changed files with 71 additions and 83 deletions


@ -54,6 +54,12 @@ services:
- traefik.http.routers.esrom.rule=Host(`esrom.kun.is`) - traefik.http.routers.esrom.rule=Host(`esrom.kun.is`)
- traefik.http.routers.esrom.tls=true - traefik.http.routers.esrom.tls=true
- traefik.http.routers.esrom.tls.certresolver=letsencrypt - traefik.http.routers.esrom.tls.certresolver=letsencrypt
- traefik.http.routers.k3s.entrypoints=websecure
- traefik.http.routers.k3s.service=k3s@file
- traefik.http.routers.k3s.rule=Host(`cyberchef.k3s.kun.is`)
- traefik.http.routers.k3s.tls=true
- traefik.http.routers.k3s.tls.certresolver=letsencrypt
volumes: volumes:
- type: bind - type: bind
source: /var/run/docker.sock source: /var/run/docker.sock
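Review bot: The new `k3s` router publishes `cyberchef.k3s.kun.is` on `websecure` with no `middlewares` label, so requests reach `k3s@file` without any header hardening, rate limiting or access restriction at the edge. If the service is meant to be open to everyone, state that in a comment above these labels; otherwise attach a middleware, e.g. `- traefik.http.routers.k3s.middlewares=<NAME>@file`, where `<NAME>` is a placeholder for a middleware defined in the file provider. The router name `k3s` is generic while its rule pins a single host, so a name such as `cyberchef` would make later additions less error-prone. The labels list and the service it belongs to start outside this hunk.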


@ -1,5 +1,9 @@
http: http:
services: services:
k3s:
loadBalancer:
servers:
- url: http://jefke.dmz
esrom: esrom:
loadBalancer: loadBalancer:
servers: servers:
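Review bot: `url: http://jefke.dmz` forwards traffic that arrived over TLS onward in cleartext to a single backend named by hostname, so this hop depends entirely on the DMZ segment and its name resolution being trusted. That may be intended for this lab, but it should be recorded next to the entry, for example `# TLS terminates at the edge; the hop to jefke.dmz is plain HTTP inside the DMZ`. If the cluster's ingress can serve HTTPS, an `https://` URL here would remove that dependency.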

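--- a/kubernetes/mysite.yaml
+++ b/kubernetes/mysite.yaml
@@ -0,0 +1,53 @@
+---
+# https://opensource.com/article/20/3/kubernetes-traefik
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: mysite-cyberchef
+labels:
+app: mysite-cyberchef
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: mysite-cyberchef
+template:
+metadata:
+labels:
+app: mysite-cyberchef
+spec:
+containers:
+- name: cyberchef
+image: mpepping/cyberchef
+ports:
+- containerPort: 8000
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: mysite-cyberchef-service
+spec:
+selector:
+app: mysite-cyberchef
+ports:
+- protocol: TCP
+port: 80
+targetPort: 8000
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: mysite-cyberchef-ingress
+annotations:
+kubernetes.io/ingress.class: "traefik"
+spec:
+rules:
+- http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: mysite-cyberchef-service
+port:
+number: 80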
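Review bot: `image: mpepping/cyberchef` has no tag or digest, so the publicly exposed pod runs whatever `latest` resolves to at pull time, and the container spec sets no `securityContext`. Pin the image to a reviewed tag or digest and drop privileges the workload does not need; the tag and digest below are placeholders, and the settings should be confirmed against how the image actually starts. The Ingress rule also has no `host`, so it matches every hostname routed to the cluster's Traefik. Adding `host: cyberchef.k3s.kun.is` to the rule would keep it in line with the edge router, assuming the edge forwards the original Host header.

```yaml
      containers:
        - name: cyberchef
          # <TAG> and <DIGEST> are placeholders for a reviewed release
          image: mpepping/cyberchef:<TAG>@sha256:<DIGEST>
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          # … unchanged: ports …
```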


@ -8,11 +8,6 @@ let
name = "kunis-zone-file"; name = "kunis-zone-file";
text = (dns.lib.toString "kun.is" (import ./zones/kun.is.nix inputs)); text = (dns.lib.toString "kun.is" (import ./zones/kun.is.nix inputs));
}; };
geokunis2nlZoneFile = pkgs.writeTextFile {
name = "geokunis2nl-zone-file";
text = (dns.lib.toString "geokunis2.nl" (import ./zones/geokunis2.nl.nix inputs));
};
in in
{ {
options.lab.networking.dmz.services.enable = lib.mkOption { options.lab.networking.dmz.services.enable = lib.mkOption {
@ -51,16 +46,6 @@ in
file = kunisZoneFile; file = kunisZoneFile;
allowQuery = [ "any" ]; allowQuery = [ "any" ];
}; };
"geokunis2.nl" = {
master = true;
file = geokunis2nlZoneFile;
allowQuery = [ "any" ];
slaves = [
"87.253.155.96/27"
"157.97.168.160/27"
];
};
}; };
}; };


@ -23,7 +23,6 @@ in
server = [ server = [
cfg.dmz.ipv4.router cfg.dmz.ipv4.router
"/geokunis2.nl/${cfg.dmz.ipv4.services}"
"/kun.is/${cfg.dmz.ipv4.services}" "/kun.is/${cfg.dmz.ipv4.services}"
]; ];
@ -44,7 +43,7 @@ in
]; ];
address = [ address = [
"/ns.pizzapim.nl/ns.geokunis2.nl/${cfg.dmz.ipv4.services}" "/ns.pizzapim.nl/${cfg.dmz.ipv4.services}"
"/ns.pizzapim.nl/ns.geokunis2.nl/${cfg.dmz.ipv6.services}" "/ns.pizzapim.nl/${cfg.dmz.ipv6.services}"
]; ];
} }


@ -1,41 +0,0 @@
{ config, dns, ... }:
with dns.lib.combinators;
let
cfg = config.lab.networking;
in
{
SOA = {
nameServer = "ns";
adminEmail = "hostmaster@geokunis2.nl";
serial = 2024020500;
};
NS = [
"ns.geokunis2.nl."
"ns0.transip.net."
"ns1.transip.nl."
"ns2.transip.eu."
];
MX = [ (mx.mx 10 "mail.geokunis2.nl.") ];
CAA = letsEncrypt "caa@geokunis2.nl";
subdomains = {
ns = {
A = [ cfg.public.ipv4.router ];
AAAA = [ cfg.dmz.ipv6.services ];
};
ns1 = {
A = [ cfg.public.ipv4.router ];
AAAA = [ cfg.dmz.ipv6.services ];
};
ns2 = {
A = [ cfg.public.ipv4.router ];
AAAA = [ cfg.dmz.ipv6.services ];
};
};
}


@ -25,26 +25,12 @@ in
(with spf; soft [ "include:spf.glasnet.nl" ]) (with spf; soft [ "include:spf.glasnet.nl" ])
]; ];
subdomains = { subdomains = rec {
"*" = { "*" = host cfg.public.ipv4.router cfg.dmz.ipv6.dockerSwarm;
A = [ cfg.public.ipv4.router ];
AAAA = [ cfg.dmz.ipv6.dockerSwarm ];
};
ns = { ns = host cfg.public.ipv4.router cfg.dmz.ipv6.services;
A = [ cfg.public.ipv4.router ]; ns1 = ns;
AAAA = [ cfg.dmz.ipv6.services ]; ns2 = ns;
};
ns1 = {
A = [ cfg.public.ipv4.router ];
AAAA = [ cfg.dmz.ipv6.services ];
};
ns2 = {
A = [ cfg.public.ipv4.router ];
AAAA = [ cfg.dmz.ipv6.services ];
};
# Override because we don't support IPv6 for Git SSH. # Override because we don't support IPv6 for Git SSH.
git = { git = {
@ -59,10 +45,7 @@ in
}; };
# Override because wg is on opnsense so ipv6 differs from "cfg.dmz.ipv6.services" # Override because wg is on opnsense so ipv6 differs from "cfg.dmz.ipv6.services"
wg = { wg = host cfg.public.ipv4.router cfg.dmz.ipv6.router;
A = [ cfg.public.ipv4.router ];
AAAA = [ cfg.dmz.ipv6.router ];
};
#for SMTP2GO to be able send emails from kun.is domain #for SMTP2GO to be able send emails from kun.is domain
em670271 = { em670271 = {
@ -76,6 +59,5 @@ in
link = { link = {
CNAME = [ "track.smtp2go.net." ]; CNAME = [ "track.smtp2go.net." ];
}; };
}; };
} }
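Review bot: `subdomains = rec {` is introduced only so that `ns1 = ns;` and `ns2 = ns;` can refer to a sibling, but `rec` puts every subdomain name (`git`, `wg`, `link`, …) in scope for every value in the set, and those names take precedence over anything brought in by `with`. A future subdomain called `host` or `mx` would then shadow the combinator of the same name, assuming `host` comes from `with dns.lib.combinators;` as in the removed zone file. Binding the shared record outside the set avoids this, e.g. `nsHost = host cfg.public.ipv4.router cfg.dmz.ipv6.services;` in the enclosing `let`, then `ns = nsHost; ns1 = nsHost; ns2 = nsHost;` here. The `let` block and the start of the zone definition are outside the visible hunks.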