expose cyberchef deployment on k3s publicly

remove geokunis2.nl zone
2024-03-21 23:21:25 +01:00 · 2024-03-21 23:21:25 +01:00 · 476ec250ca
commit 476ec250ca
parent 1662a60688
7 changed files with 71 additions and 83 deletions
--- a/docker_swarm/roles/traefik/docker-stack.yml.j2
+++ b/docker_swarm/roles/traefik/docker-stack.yml.j2
@ -54,6 +54,12 @@ services:
        - traefik.http.routers.esrom.rule=Host(`esrom.kun.is`)
        - traefik.http.routers.esrom.tls=true
        - traefik.http.routers.esrom.tls.certresolver=letsencrypt
+
+        - traefik.http.routers.k3s.entrypoints=websecure
+        - traefik.http.routers.k3s.service=k3s@file
+        - traefik.http.routers.k3s.rule=Host(`cyberchef.k3s.kun.is`)
+        - traefik.http.routers.k3s.tls=true
+        - traefik.http.routers.k3s.tls.certresolver=letsencrypt
    volumes:
      - type: bind
        source: /var/run/docker.sock
--- a/docker_swarm/roles/traefik/services.yml
+++ b/docker_swarm/roles/traefik/services.yml
@ -1,5 +1,9 @@
 http:
  services:
+    k3s:
+      loadBalancer:
+        servers:
+          - url: http://jefke.dmz
    esrom:
      loadBalancer:
        servers:
--- a/kubernetes/mysite.yaml
+++ b/kubernetes/mysite.yaml
@ -0,0 +1,53 @@
+---
+# https://opensource.com/article/20/3/kubernetes-traefik
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mysite-cyberchef
+  labels:
+    app: mysite-cyberchef
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: mysite-cyberchef
+  template:
+    metadata:
+      labels:
+        app: mysite-cyberchef
+    spec:
+      containers:
+      - name: cyberchef
+        image: mpepping/cyberchef
+        ports:
+        - containerPort: 8000
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: mysite-cyberchef-service
+spec:
+  selector:
+    app: mysite-cyberchef
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8000
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: mysite-cyberchef-ingress
+  annotations:
+    kubernetes.io/ingress.class: "traefik"
+spec:
+  rules:
+  - http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: mysite-cyberchef-service
+            port:
+              number: 80
--- a/nix/modules/networking/dmz_services/default.nix
+++ b/nix/modules/networking/dmz_services/default.nix
@ -8,11 +8,6 @@ let
    name = "kunis-zone-file";
    text = (dns.lib.toString "kun.is" (import ./zones/kun.is.nix inputs));
  };
-
-  geokunis2nlZoneFile = pkgs.writeTextFile {
-    name = "geokunis2nl-zone-file";
-    text = (dns.lib.toString "geokunis2.nl" (import ./zones/geokunis2.nl.nix inputs));
-  };
 in
 {
  options.lab.networking.dmz.services.enable = lib.mkOption {
@ -51,16 +46,6 @@ in
            file = kunisZoneFile;
            allowQuery = [ "any" ];
          };
-
-          "geokunis2.nl" = {
-            master = true;
-            file = geokunis2nlZoneFile;
-            allowQuery = [ "any" ];
-            slaves = [
-              "87.253.155.96/27"
-              "157.97.168.160/27"
-            ];
-          };
        };
      };

--- a/nix/modules/networking/dmz_services/dnsmasq.nix
+++ b/nix/modules/networking/dmz_services/dnsmasq.nix
@ -23,7 +23,6 @@ in

  server = [
    cfg.dmz.ipv4.router
-    "/geokunis2.nl/${cfg.dmz.ipv4.services}"
    "/kun.is/${cfg.dmz.ipv4.services}"
  ];

@ -44,7 +43,7 @@ in
  ];

  address = [
-    "/ns.pizzapim.nl/ns.geokunis2.nl/${cfg.dmz.ipv4.services}"
-    "/ns.pizzapim.nl/ns.geokunis2.nl/${cfg.dmz.ipv6.services}"
+    "/ns.pizzapim.nl/${cfg.dmz.ipv4.services}"
+    "/ns.pizzapim.nl/${cfg.dmz.ipv6.services}"
  ];
 }
--- a/nix/modules/networking/dmz_services/zones/geokunis2.nl.nix
+++ b/nix/modules/networking/dmz_services/zones/geokunis2.nl.nix
@ -1,41 +0,0 @@
-{ config, dns, ... }:
-with dns.lib.combinators;
-let
-  cfg = config.lab.networking;
-in
-{
-  SOA = {
-    nameServer = "ns";
-    adminEmail = "hostmaster@geokunis2.nl";
-    serial = 2024020500;
-  };
-
-  NS = [
-    "ns.geokunis2.nl."
-    "ns0.transip.net."
-    "ns1.transip.nl."
-    "ns2.transip.eu."
-  ];
-
-  MX = [ (mx.mx 10 "mail.geokunis2.nl.") ];
-
-  CAA = letsEncrypt "caa@geokunis2.nl";
-
-  subdomains = {
-    ns = {
-      A = [ cfg.public.ipv4.router ];
-      AAAA = [ cfg.dmz.ipv6.services ];
-    };
-
-    ns1 = {
-      A = [ cfg.public.ipv4.router ];
-      AAAA = [ cfg.dmz.ipv6.services ];
-    };
-
-    ns2 = {
-      A = [ cfg.public.ipv4.router ];
-      AAAA = [ cfg.dmz.ipv6.services ];
-    };
-
-  };
-}
--- a/nix/modules/networking/dmz_services/zones/kun.is.nix
+++ b/nix/modules/networking/dmz_services/zones/kun.is.nix
@ -25,26 +25,12 @@ in
    (with spf; soft [ "include:spf.glasnet.nl" ])
  ];

-  subdomains = {
-    "*" = {
-      A = [ cfg.public.ipv4.router ];
-      AAAA = [ cfg.dmz.ipv6.dockerSwarm ];
-    };
+  subdomains = rec {
+    "*" = host cfg.public.ipv4.router cfg.dmz.ipv6.dockerSwarm;

-    ns = {
-      A = [ cfg.public.ipv4.router ];
-      AAAA = [ cfg.dmz.ipv6.services ];
-    };
-
-    ns1 = {
-      A = [ cfg.public.ipv4.router ];
-      AAAA = [ cfg.dmz.ipv6.services ];
-    };
-
-    ns2 = {
-      A = [ cfg.public.ipv4.router ];
-      AAAA = [ cfg.dmz.ipv6.services ];
-    };
+    ns = host cfg.public.ipv4.router cfg.dmz.ipv6.services;
+    ns1 = ns;
+    ns2 = ns;

    # Override because we don't support IPv6 for Git SSH.
    git = {
@ -59,10 +45,7 @@ in
    };

    # Override because wg is on opnsense so ipv6 differs from "cfg.dmz.ipv6.services"
-    wg = {
-      A = [ cfg.public.ipv4.router ];
-      AAAA = [ cfg.dmz.ipv6.router ];
-    };
+    wg = host cfg.public.ipv4.router cfg.dmz.ipv6.router;

    #for SMTP2GO to be able send emails from kun.is domain
    em670271 = {
@ -76,6 +59,5 @@ in
    link = {
      CNAME = [ "track.smtp2go.net." ];
    };
-
  };
 }