home/nixos-servers
home/nixos-servers
2
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions

create custom nixos module for k8s ingress

Browse source
This commit is contained in:
Pim Kunis 2024-04-14 23:11:19 +02:00
parent 4b01eeadbb
commit 4ded27d82e
15 changed files with 193 additions and 483 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
kubenix-modules/all.nix
View file

@ -21,5 +21,6 @@
./metallb.nix
./cert-manager.nix
./minecraft.nix
./custom/ingress.nix
];
}

68
kubenix-modules/custom/ingress.nix Normal file
View file

@ -0,0 +1,68 @@
{ lib, config, ... }:
let
ingressOpts = { name, ... }: {
options = {
host = lib.mkOption {
type = lib.types.str;
};
entrypoint = lib.mkOption {
type = lib.types.str;
default = "websecure";
};
service = {
name = lib.mkOption {
type = lib.types.str;
};
portName = lib.mkOption {
type = lib.types.str;
};
};
};
};
in
{
options = {
lab.ingresses = lib.mkOption {
type = with lib.types; attrsOf (submodule ingressOpts);
default = { };
};
};
config = {
kubernetes.resources.ingresses = builtins.mapAttrs
(name: ingress: {
metadata.annotations = {
"cert-manager.io/cluster-issuer" = "letsencrypt";
"traefik.ingress.kubernetes.io/router.entrypoints" = ingress.entrypoint;
};
spec = {
ingressClassName = "traefik";
rules = [{
host = ingress.host;
http.paths = [{
path = "/";
pathType = "Prefix";
backend.service = {
name = ingress.service.name;
port.name = ingress.service.portName;
};
}];
}];
tls = [{
secretName = "${name}-tls";
hosts = [ ingress.host ];
}];
};
})
config.lab.ingresses;
};
}

30
kubenix-modules/cyberchef.nix
View file

@ -22,32 +22,14 @@
targetPort = "web";
};
};
};
ingresses.cyberchef = {
metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt";
lab.ingresses.cyberchef = {
host = "cyberchef.kun.is";
spec = {
ingressClassName = "traefik";
rules = [{
host = "cyberchef.kun.is";
http.paths = [{
path = "/";
pathType = "Prefix";
backend.service = {
name = "cyberchef";
port.name = "web";
};
}];
}];
tls = [{
secretName = "cyberchef-tls";
hosts = [ "cyberchef.kun.is" ];
}];
};
service = {
name = "cyberchef";
portName = "web";
};
};
}

30
kubenix-modules/esrom.nix
View file

@ -9,32 +9,14 @@
targetPort = 80;
};
};
};
ingresses.esrom = {
metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt";
lab.ingresses.esrom = {
host = "esrom.kun.is";
spec = {
ingressClassName = "traefik";
rules = [{
host = "esrom.kun.is";
http.paths = [{
path = "/";
pathType = "Prefix";
backend.service = {
name = "esrom";
port.name = "web";
};
}];
}];
tls = [{
secretName = "esrom-tls";
hosts = [ "esrom.kun.is" ];
}];
};
service = {
name = "esrom";
portName = "web";
};
};
}

30
kubenix-modules/forgejo.nix
View file

@ -196,32 +196,14 @@
};
};
};
};
ingresses.forgejo = {
metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt";
lab.ingresses.forgejo = {
host = "git.kun.is";
spec = {
ingressClassName = "traefik";
rules = [{
host = "git.kun.is";
http.paths = [{
path = "/";
pathType = "Prefix";
backend.service = {
name = "forgejo-web";
port.name = "web";
};
}];
}];
tls = [{
secretName = "forgejo-tls";
hosts = [ "git.kun.is" ];
}];
};
service = {
name = "forgejo-web";
portName = "web";
};
};
}

30
kubenix-modules/freshrss.nix
View file

@ -73,32 +73,14 @@
targetPort = "web";
};
};
};
ingresses.freshrss = {
metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt";
lab.ingresses.freshrss = {
host = "rss.kun.is";
spec = {
ingressClassName = "traefik";
rules = [{
host = "rss.kun.is";
http.paths = [{
path = "/";
pathType = "Prefix";
backend.service = {
name = "freshrss";
port.name = "web";
};
}];
}];
tls = [{
secretName = "freshrss-tls";
hosts = [ "rss.kun.is" ];
}];
};
service = {
name = "freshrss";
portName = "web";
};
};
}

30
kubenix-modules/hedgedoc.nix
View file

@ -98,32 +98,14 @@
targetPort = "web";
};
};
};
ingresses.hedgedoc = {
metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt";
lab.ingresses.hedgedoc = {
host = "md.kun.is";
spec = {
ingressClassName = "traefik";
rules = [{
host = "md.kun.is";
http.paths = [{
path = "/";
pathType = "Prefix";
backend.service = {
name = "hedgedoc";
port.name = "web";
};
}];
}];
tls = [{
secretName = "hedgedoc-tls";
hosts = [ "md.kun.is" ];
}];
};
service = {
name = "hedgedoc";
portName = "web";
};
};
}

34
kubenix-modules/inbucket.nix
View file

@ -44,35 +44,15 @@
}];
};
};
};
ingresses.inbucket = {
metadata.annotations = {
"cert-manager.io/cluster-issuer" = "letsencrypt";
"traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure";
};
lab.ingresses.inbucket = {
host = "inbucket.kun.is";
entrypoint = "localsecure";
spec = {
ingressClassName = "traefik";
rules = [{
host = "inbucket.kun.is";
http.paths = [{
path = "/";
pathType = "Prefix";
backend.service = {
name = "inbucket-web";
port.name = "web";
};
}];
}];
tls = [{
secretName = "inbucket-tls";
hosts = [ "inbucket.kun.is" ];
}];
};
service = {
name = "inbucket-web";
portName = "web";
};
};
}

30
kubenix-modules/kitchenowl.nix
View file

@ -114,32 +114,14 @@
};
};
};
};
ingresses.kitchenowl = {
metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt";
lab.ingresses.kitchenowl = {
host = "boodschappen.kun.is";
spec = {
ingressClassName = "traefik";
rules = [{
host = "boodschappen.kun.is";
http.paths = [{
path = "/";
pathType = "Prefix";
backend.service = {
name = "kitchenowl-web";
port.name = "web";
};
}];
}];
tls = [{
secretName = "kitchenowl-tls";
hosts = [ "boodschappen.kun.is" ];
}];
};
service = {
name = "kitchenowl-web";
portName = "web";
};
};
}

235
kubenix-modules/media.nix
View file

@ -581,212 +581,75 @@
};
};
};
};
ingresses = {
jellyfin = {
metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt";
lab.ingresses = {
jellyfin = {
host = "media.kun.is";
spec = {
ingressClassName = "traefik";
rules = [{
host = "media.kun.is";
http.paths = [{
path = "/";
pathType = "Prefix";
backend.service = {
name = "jellyfin";
port.name = "web";
};
}];
}];
tls = [{
secretName = "jellyfin-tls";
hosts = [ "media.kun.is" ];
}];
};
service = {
name = "jellyfin";
portName = "web";
};
};
transmission = {
metadata.annotations = {
"cert-manager.io/cluster-issuer" = "letsencrypt";
"traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure";
};
transmission = {
host = "transmission.kun.is";
entrypoint = "localsecure";
spec = {
ingressClassName = "traefik";
rules = [{
host = "transmission.kun.is";
http.paths = [{
path = "/";
pathType = "Prefix";
backend.service = {
name = "transmission-web";
port.name = "web";
};
}];
}];
tls = [{
secretName = "transmission-tls";
hosts = [ "transmission.kun.is" ];
}];
};
service = {
name = "transmission-web";
portName = "web";
};
};
jellyseerr = {
metadata.annotations = {
"cert-manager.io/cluster-issuer" = "letsencrypt";
"traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure";
};
jellyseerr = {
host = "jellyseerr.kun.is";
entrypoint = "localsecure";
spec = {
ingressClassName = "traefik";
rules = [{
host = "jellyseerr.kun.is";
http.paths = [{
path = "/";
pathType = "Prefix";
backend.service = {
name = "jellyseerr";
port.name = "web";
};
}];
}];
tls = [{
secretName = "jellyseerr-tls";
hosts = [ "jellyseerr.kun.is" ];
}];
};
service = {
name = "jellyseerr";
portName = "web";
};
};
radarr = {
metadata.annotations = {
"cert-manager.io/cluster-issuer" = "letsencrypt";
"traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure";
};
radarr = {
host = "radarr.kun.is";
entrypoint = "localsecure";
spec = {
ingressClassName = "traefik";
rules = [{
host = "radarr.kun.is";
http.paths = [{
path = "/";
pathType = "Prefix";
backend.service = {
name = "radarr";
port.name = "web";
};
}];
}];
tls = [{
secretName = "radarr-tls";
hosts = [ "radarr.kun.is" ];
}];
};
service = {
name = "radarr";
portName = "web";
};
};
prowlarr = {
metadata.annotations = {
"cert-manager.io/cluster-issuer" = "letsencrypt";
"traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure";
};
prowlarr = {
host = "prowlarr.kun.is";
entrypoint = "localsecure";
spec = {
ingressClassName = "traefik";
rules = [{
host = "prowlarr.kun.is";
http.paths = [{
path = "/";
pathType = "Prefix";
backend.service = {
name = "prowlarr";
port.name = "web";
};
}];
}];
tls = [{
secretName = "prowlarr-tls";
hosts = [ "prowlarr.kun.is" ];
}];
};
service = {
name = "prowlarr";
portName = "web";
};
};
sonarr = {
metadata.annotations = {
"cert-manager.io/cluster-issuer" = "letsencrypt";
"traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure";
};
sonarr = {
host = "sonarr.kun.is";
entrypoint = "localsecure";
spec = {
ingressClassName = "traefik";
rules = [{
host = "sonarr.kun.is";
http.paths = [{
path = "/";
pathType = "Prefix";
backend.service = {
name = "sonarr";
port.name = "web";
};
}];
}];
tls = [{
secretName = "sonarr-tls";
hosts = [ "sonarr.kun.is" ];
}];
};
service = {
name = "sonarr";
portName = "web";
};
};
bazarr = {
metadata.annotations = {
"cert-manager.io/cluster-issuer" = "letsencrypt";
"traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure";
};
spec = {
ingressClassName = "traefik";
bazarr = {
host = "bazarr.kun.is";
entrypoint = "localsecure";
rules = [{
host = "bazarr.kun.is";
http.paths = [{
path = "/";
pathType = "Prefix";
backend.service = {
name = "bazarr";
port.name = "web";
};
}];
}];
tls = [{
secretName = "bazarr-tls";
hosts = [ "bazarr.kun.is" ];
}];
};
service = {
name = "bazarr";
portName = "web";
};
};
};

30
kubenix-modules/nextcloud.nix
View file

@ -65,32 +65,14 @@
targetPort = "web";
};
};
};
ingresses.nextcloud = {
metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt";
lab.ingresses.nextcloud = {
host = "cloud.kun.is";
spec = {
ingressClassName = "traefik";
rules = [{
host = "cloud.kun.is";
http.paths = [{
path = "/";
pathType = "Prefix";
backend.service = {
name = "nextcloud";
port.name = "web";
};
}];
}];
tls = [{
secretName = "nextcloud-tls";
hosts = [ "cloud.kun.is" ];
}];
};
service = {
name = "nextcloud";
portName = "web";
};
};
}

30
kubenix-modules/paperless-ngx.nix
View file

@ -168,32 +168,14 @@
};
};
};
};
ingresses.paperless-ngx = {
metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt";
lab.ingresses.paperless-ngx = {
host = "paperless.kun.is";
spec = {
ingressClassName = "traefik";
rules = [{
host = "paperless.kun.is";
http.paths = [{
path = "/";
pathType = "Prefix";
backend.service = {
name = "paperless-ngx-web";
port.name = "web";
};
}];
}];
tls = [{
secretName = "paperless-ngx-tls";
hosts = [ "paperless.kun.is" ];
}];
};
service = {
name = "paperless-ngx-web";
portName = "web";
};
};
}

34
kubenix-modules/pihole.nix
View file

@ -116,35 +116,15 @@
};
};
};
};
ingresses.pihole-web = {
metadata.annotations = {
"cert-manager.io/cluster-issuer" = "letsencrypt";
"traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure";
};
lab.ingresses.pihole = {
host = "pihole.kun.is";
entrypoint = "localsecure";
spec = {
ingressClassName = "traefik";
rules = [{
host = "pihole.kun.is";
http.paths = [{
path = "/";
pathType = "Prefix";
backend.service = {
name = "pihole-web";
port.name = "web";
};
}];
}];
tls = [{
secretName = "pihole-tls";
hosts = [ "pihole.kun.is" ];
}];
};
service = {
name = "pihole-web";
portName = "web";
};
};
}

30
kubenix-modules/radicale.nix
View file

@ -98,32 +98,14 @@
targetPort = "web";
};
};
};
ingresses.radicale = {
metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt";
lab.ingresses.radicale = {
host = "dav.kun.is";
spec = {
ingressClassName = "traefik";
rules = [{
host = "dav.kun.is";
http.paths = [{
path = "/";
pathType = "Prefix";
backend.service = {
name = "radicale";
port.name = "web";
};
}];
}];
tls = [{
secretName = "radicale-tls";
hosts = [ "dav.kun.is" ];
}];
};
service = {
name = "radicale";
portName = "web";
};
};
}

34
kubenix-modules/syncthing.nix
View file

@ -67,35 +67,15 @@
targetPort = "web";
};
};
};
ingresses.syncthing = {
metadata.annotations = {
"cert-manager.io/cluster-issuer" = "letsencrypt";
"traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure";
};
lab.ingresses.syncthing = {
host = "sync.kun.is";
entrypoint = "localsecure";
spec = {
ingressClassName = "traefik";
rules = [{
host = "sync.kun.is";
http.paths = [{
path = "/";
pathType = "Prefix";
backend.service = {
name = "syncthing";
port.name = "web";
};
}];
}];
tls = [{
secretName = "syncthing-tls";
hosts = [ "sync.kun.is" ];
}];
};
service = {
name = "syncthing";
portName = "web";
};
};
}