diff --git a/kubenix-modules/all.nix b/kubenix-modules/all.nix
index cf2635a..08a3bef 100644
--- a/kubenix-modules/all.nix
+++ b/kubenix-modules/all.nix
@@ -21,5 +21,6 @@
 ./metallb.nix
 ./cert-manager.nix
 ./minecraft.nix
+ ./custom/ingress.nix
 ];
 }
diff --git a/kubenix-modules/custom/ingress.nix b/kubenix-modules/custom/ingress.nix
new file mode 100644
index 0000000..501c6b3
--- /dev/null
+++ b/kubenix-modules/custom/ingress.nix
@@ -0,0 +1,68 @@
+{ lib, config, ... }:
+let
+ ingressOpts = { name, ... }: {
+ options = {
+ host = lib.mkOption {
+ type = lib.types.str;
+ };
+
+ entrypoint = lib.mkOption {
+ type = lib.types.str;
+ default = "websecure";
+ };
+
+ service = {
+ name = lib.mkOption {
+ type = lib.types.str;
+ };
+
+ portName = lib.mkOption {
+ type = lib.types.str;
+ };
+ };
+ };
+ };
+in
+{
+ options = {
+ lab.ingresses = lib.mkOption {
+ type = with lib.types; attrsOf (submodule ingressOpts);
+
+ default = { };
+ };
+ };
+
+ config = {
+ kubernetes.resources.ingresses = builtins.mapAttrs
+ (name: ingress: {
+ metadata.annotations = {
+ "cert-manager.io/cluster-issuer" = "letsencrypt";
+ "traefik.ingress.kubernetes.io/router.entrypoints" = ingress.entrypoint;
+ };
+
+ spec = {
+ ingressClassName = "traefik";
+
+ rules = [{
+ host = ingress.host;
+
+ http.paths = [{
+ path = "/";
+ pathType = "Prefix";
+
+ backend.service = {
+ name = ingress.service.name;
+ port.name = ingress.service.portName;
+ };
+ }];
+ }];
+
+ tls = [{
+ secretName = "${name}-tls";
+ hosts = [ ingress.host ];
+ }];
+ };
+ })
+ config.lab.ingresses;
+ };
+}
diff --git a/kubenix-modules/cyberchef.nix b/kubenix-modules/cyberchef.nix
index fac46a0..19c2578 100644
--- a/kubenix-modules/cyberchef.nix
+++ b/kubenix-modules/cyberchef.nix
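Review bot: `entrypoint` in `ingressOpts` (new `custom/ingress.nix`) is a free-form `lib.types.str` defaulting to `"websecure"`, so a misspelled `localsecure` passes evaluation and an ingress that omits the option is bound to what the name suggests is the externally reachable entrypoint (inferred; the Traefik configuration is not part of this diff). Restricting the type to the two values this commit uses, `type = lib.types.enum [ "websecure" "localsecure" ];`, would reject typos at build time. Dropping the `default` would make the exposure of each service an explicit decision at the call site rather than an implicit one. None of the options carries a `description`; one line each, e.g. `description = "Traefik entrypoint the generated router is bound to.";`, would document the contract for the next module author.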
@@ -22,32 +22,14 @@ targetPort = "web"; }; }; + }; - ingresses.cyberchef = { - metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt"; + lab.ingresses.cyberchef = { + host = "cyberchef.kun.is"; - spec = { - ingressClassName = "traefik"; - - rules = [{ - host = "cyberchef.kun.is"; - - http.paths = [{ - path = "/"; - pathType = "Prefix"; - - backend.service = { - name = "cyberchef"; - port.name = "web"; - }; - }]; - }]; - - tls = [{ - secretName = "cyberchef-tls"; - hosts = [ "cyberchef.kun.is" ]; - }]; - }; + service = { + name = "cyberchef"; + portName = "web"; }; }; } diff --git a/kubenix-modules/esrom.nix b/kubenix-modules/esrom.nix index 1265098..5c30a71 100644 --- a/kubenix-modules/esrom.nix +++ b/kubenix-modules/esrom.nix @@ -9,32 +9,14 @@ targetPort = 80; }; }; + }; - ingresses.esrom = { - metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt"; + lab.ingresses.esrom = { + host = "esrom.kun.is"; - spec = { - ingressClassName = "traefik"; - - rules = [{ - host = "esrom.kun.is"; - - http.paths = [{ - path = "/"; - pathType = "Prefix"; - - backend.service = { - name = "esrom"; - port.name = "web"; - }; - }]; - }]; - - tls = [{ - secretName = "esrom-tls"; - hosts = [ "esrom.kun.is" ]; - }]; - }; + service = { + name = "esrom"; + portName = "web"; }; }; } diff --git a/kubenix-modules/forgejo.nix b/kubenix-modules/forgejo.nix index 49a77e4..2012d1f 100644 --- a/kubenix-modules/forgejo.nix +++ b/kubenix-modules/forgejo.nix 
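Review bot: The Ingress generated for `lab.ingresses.cyberchef` now carries `"traefik.ingress.kubernetes.io/router.entrypoints" = "websecure"`, an annotation the removed `ingresses.cyberchef` definition never set, so this hunk is not a pure refactor. The same holds for the esrom, forgejo, freshrss, hedgedoc, kitchenowl, jellyfin, nextcloud, paperless-ngx and radicale hunks. Without the annotation Traefik attaches the router to its default entrypoints, so depending on the Traefik setup (not visible here) these hosts may stop being routed on entrypoints other than `websecure`; worth confirming that narrowing is intended. Writing `entrypoint = "websecure";` explicitly in these modules would keep the exposure visible in review. The enclosing attribute set starts outside the hunk.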
@@ -196,32 +196,14 @@ }; }; }; + }; - ingresses.forgejo = { - metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt"; + lab.ingresses.forgejo = { + host = "git.kun.is"; - spec = { - ingressClassName = "traefik"; - - rules = [{ - host = "git.kun.is"; - - http.paths = [{ - path = "/"; - pathType = "Prefix"; - - backend.service = { - name = "forgejo-web"; - port.name = "web"; - }; - }]; - }]; - - tls = [{ - secretName = "forgejo-tls"; - hosts = [ "git.kun.is" ]; - }]; - }; + service = { + name = "forgejo-web"; + portName = "web"; }; }; } diff --git a/kubenix-modules/freshrss.nix b/kubenix-modules/freshrss.nix index c8a1358..f853da0 100644 --- a/kubenix-modules/freshrss.nix +++ b/kubenix-modules/freshrss.nix @@ -73,32 +73,14 @@ targetPort = "web"; }; }; + }; - ingresses.freshrss = { - metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt"; + lab.ingresses.freshrss = { + host = "rss.kun.is"; - spec = { - ingressClassName = "traefik"; - - rules = [{ - host = "rss.kun.is"; - - http.paths = [{ - path = "/"; - pathType = "Prefix"; - - backend.service = { - name = "freshrss"; - port.name = "web"; - }; - }]; - }]; - - tls = [{ - secretName = "freshrss-tls"; - hosts = [ "rss.kun.is" ]; - }]; - }; + service = { + name = "freshrss"; + portName = "web"; }; }; } diff --git a/kubenix-modules/hedgedoc.nix b/kubenix-modules/hedgedoc.nix index 23765a8..1c13a8b 100644 --- a/kubenix-modules/hedgedoc.nix +++ b/kubenix-modules/hedgedoc.nix 
@@ -98,32 +98,14 @@ targetPort = "web"; }; }; + }; - ingresses.hedgedoc = { - metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt"; + lab.ingresses.hedgedoc = { + host = "md.kun.is"; - spec = { - ingressClassName = "traefik"; - - rules = [{ - host = "md.kun.is"; - - http.paths = [{ - path = "/"; - pathType = "Prefix"; - - backend.service = { - name = "hedgedoc"; - port.name = "web"; - }; - }]; - }]; - - tls = [{ - secretName = "hedgedoc-tls"; - hosts = [ "md.kun.is" ]; - }]; - }; + service = { + name = "hedgedoc"; + portName = "web"; }; }; } diff --git a/kubenix-modules/inbucket.nix b/kubenix-modules/inbucket.nix index db01542..633c2ad 100644 --- a/kubenix-modules/inbucket.nix +++ b/kubenix-modules/inbucket.nix @@ -44,35 +44,15 @@ }]; }; }; + }; - ingresses.inbucket = { - metadata.annotations = { - "cert-manager.io/cluster-issuer" = "letsencrypt"; - "traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure"; - }; + lab.ingresses.inbucket = { + host = "inbucket.kun.is"; + entrypoint = "localsecure"; - spec = { - ingressClassName = "traefik"; - - rules = [{ - host = "inbucket.kun.is"; - - http.paths = [{ - path = "/"; - pathType = "Prefix"; - - backend.service = { - name = "inbucket-web"; - port.name = "web"; - }; - }]; - }]; - - tls = [{ - secretName = "inbucket-tls"; - hosts = [ "inbucket.kun.is" ]; - }]; - }; + service = { + name = "inbucket-web"; + portName = "web"; }; }; } diff --git a/kubenix-modules/kitchenowl.nix b/kubenix-modules/kitchenowl.nix index 5c9cf9b..5fea87f 100644 --- a/kubenix-modules/kitchenowl.nix +++ b/kubenix-modules/kitchenowl.nix 
@@ -114,32 +114,14 @@ }; }; }; + }; - ingresses.kitchenowl = { - metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt"; + lab.ingresses.kitchenowl = { + host = "boodschappen.kun.is"; - spec = { - ingressClassName = "traefik"; - - rules = [{ - host = "boodschappen.kun.is"; - - http.paths = [{ - path = "/"; - pathType = "Prefix"; - - backend.service = { - name = "kitchenowl-web"; - port.name = "web"; - }; - }]; - }]; - - tls = [{ - secretName = "kitchenowl-tls"; - hosts = [ "boodschappen.kun.is" ]; - }]; - }; + service = { + name = "kitchenowl-web"; + portName = "web"; }; }; } diff --git a/kubenix-modules/media.nix b/kubenix-modules/media.nix index 62014f2..4dd5936 100644 --- a/kubenix-modules/media.nix +++ b/kubenix-modules/media.nix 
@@ -581,212 +581,75 @@ }; }; }; + }; - ingresses = { - jellyfin = { - metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt"; + lab.ingresses = { + jellyfin = { + host = "media.kun.is"; - spec = { - ingressClassName = "traefik"; - - rules = [{ - host = "media.kun.is"; - - http.paths = [{ - path = "/"; - pathType = "Prefix"; - - backend.service = { - name = "jellyfin"; - port.name = "web"; - }; - }]; - }]; - - tls = [{ - secretName = "jellyfin-tls"; - hosts = [ "media.kun.is" ]; - }]; - }; + service = { + name = "jellyfin"; + portName = "web"; }; + }; - transmission = { - metadata.annotations = { - "cert-manager.io/cluster-issuer" = "letsencrypt"; - "traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure"; - }; + transmission = { + host = "transmission.kun.is"; + entrypoint = "localsecure"; - spec = { - ingressClassName = "traefik"; - - rules = [{ - host = "transmission.kun.is"; - - http.paths = [{ - path = "/"; - pathType = "Prefix"; - - backend.service = { - name = "transmission-web"; - port.name = "web"; - }; - }]; - }]; - - tls = [{ - secretName = "transmission-tls"; - hosts = [ "transmission.kun.is" ]; - }]; - }; + service = { + name = "transmission-web"; + portName = "web"; }; + }; - jellyseerr = { - metadata.annotations = { - "cert-manager.io/cluster-issuer" = "letsencrypt"; - "traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure"; - }; + jellyseerr = { + host = "jellyseerr.kun.is"; + entrypoint = "localsecure"; - spec = { - ingressClassName = "traefik"; - - rules = [{ - host = "jellyseerr.kun.is"; - - http.paths = [{ - path = "/"; - pathType = "Prefix"; - - backend.service = { - name = "jellyseerr"; - port.name = "web"; - }; - }]; - }]; - - tls = [{ - secretName = "jellyseerr-tls"; - hosts = [ "jellyseerr.kun.is" ]; - }]; - }; + service = { + name = "jellyseerr"; + portName = "web"; }; + }; - radarr = { - metadata.annotations = { - "cert-manager.io/cluster-issuer" = "letsencrypt"; - 
"traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure"; - }; + radarr = { + host = "radarr.kun.is"; + entrypoint = "localsecure"; - spec = { - ingressClassName = "traefik"; - - rules = [{ - host = "radarr.kun.is"; - - http.paths = [{ - path = "/"; - pathType = "Prefix"; - - backend.service = { - name = "radarr"; - port.name = "web"; - }; - }]; - }]; - - tls = [{ - secretName = "radarr-tls"; - hosts = [ "radarr.kun.is" ]; - }]; - }; + service = { + name = "radarr"; + portName = "web"; }; + }; - prowlarr = { - metadata.annotations = { - "cert-manager.io/cluster-issuer" = "letsencrypt"; - "traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure"; - }; + prowlarr = { + host = "prowlarr.kun.is"; + entrypoint = "localsecure"; - spec = { - ingressClassName = "traefik"; - - rules = [{ - host = "prowlarr.kun.is"; - - http.paths = [{ - path = "/"; - pathType = "Prefix"; - - backend.service = { - name = "prowlarr"; - port.name = "web"; - }; - }]; - }]; - - tls = [{ - secretName = "prowlarr-tls"; - hosts = [ "prowlarr.kun.is" ]; - }]; - }; + service = { + name = "prowlarr"; + portName = "web"; }; + }; - sonarr = { - metadata.annotations = { - "cert-manager.io/cluster-issuer" = "letsencrypt"; - "traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure"; - }; + sonarr = { + host = "sonarr.kun.is"; + entrypoint = "localsecure"; - spec = { - ingressClassName = "traefik"; - - rules = [{ - host = "sonarr.kun.is"; - - http.paths = [{ - path = "/"; - pathType = "Prefix"; - - backend.service = { - name = "sonarr"; - port.name = "web"; - }; - }]; - }]; - - tls = [{ - secretName = "sonarr-tls"; - hosts = [ "sonarr.kun.is" ]; - }]; - }; + service = { + name = "sonarr"; + portName = "web"; }; + }; - bazarr = { - metadata.annotations = { - "cert-manager.io/cluster-issuer" = "letsencrypt"; - "traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure"; - }; - spec = { - ingressClassName = "traefik"; + bazarr = { + host = "bazarr.kun.is"; + entrypoint = 
"localsecure"; - rules = [{ - host = "bazarr.kun.is"; - - http.paths = [{ - path = "/"; - pathType = "Prefix"; - - backend.service = { - name = "bazarr"; - port.name = "web"; - }; - }]; - }]; - - tls = [{ - secretName = "bazarr-tls"; - hosts = [ "bazarr.kun.is" ]; - }]; - }; + service = { + name = "bazarr"; + portName = "web"; }; }; }; diff --git a/kubenix-modules/nextcloud.nix b/kubenix-modules/nextcloud.nix index 85a60e7..8300cc7 100644 --- a/kubenix-modules/nextcloud.nix +++ b/kubenix-modules/nextcloud.nix @@ -65,32 +65,14 @@ targetPort = "web"; }; }; + }; - ingresses.nextcloud = { - metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt"; + lab.ingresses.nextcloud = { + host = "cloud.kun.is"; - spec = { - ingressClassName = "traefik"; - - rules = [{ - host = "cloud.kun.is"; - - http.paths = [{ - path = "/"; - pathType = "Prefix"; - - backend.service = { - name = "nextcloud"; - port.name = "web"; - }; - }]; - }]; - - tls = [{ - secretName = "nextcloud-tls"; - hosts = [ "cloud.kun.is" ]; - }]; - }; + service = { + name = "nextcloud"; + portName = "web"; }; }; } diff --git a/kubenix-modules/paperless-ngx.nix b/kubenix-modules/paperless-ngx.nix index 44236eb..aaa7f39 100644 --- a/kubenix-modules/paperless-ngx.nix +++ b/kubenix-modules/paperless-ngx.nix @@ -168,32 +168,14 @@ }; }; }; + }; - ingresses.paperless-ngx = { - metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt"; + lab.ingresses.paperless-ngx = { + host = "paperless.kun.is"; - spec = { - ingressClassName = "traefik"; - - rules = [{ - host = "paperless.kun.is"; - - http.paths = [{ - path = "/"; - pathType = "Prefix"; - - backend.service = { - name = "paperless-ngx-web"; - port.name = "web"; - }; - }]; - }]; - - tls = [{ - secretName = "paperless-ngx-tls"; - hosts = [ "paperless.kun.is" ]; - }]; - }; + service = { + name = "paperless-ngx-web"; + portName = "web"; }; }; } diff --git a/kubenix-modules/pihole.nix b/kubenix-modules/pihole.nix index 2d213ef..df92b1b 100644 
--- a/kubenix-modules/pihole.nix +++ b/kubenix-modules/pihole.nix @@ -116,35 +116,15 @@ }; }; }; + }; - ingresses.pihole-web = { - metadata.annotations = { - "cert-manager.io/cluster-issuer" = "letsencrypt"; - "traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure"; - }; + lab.ingresses.pihole = { + host = "pihole.kun.is"; + entrypoint = "localsecure"; - spec = { - ingressClassName = "traefik"; - - rules = [{ - host = "pihole.kun.is"; - - http.paths = [{ - path = "/"; - pathType = "Prefix"; - - backend.service = { - name = "pihole-web"; - port.name = "web"; - }; - }]; - }]; - - tls = [{ - secretName = "pihole-tls"; - hosts = [ "pihole.kun.is" ]; - }]; - }; + service = { + name = "pihole-web"; + portName = "web"; }; }; } diff --git a/kubenix-modules/radicale.nix b/kubenix-modules/radicale.nix index 5f660dd..a759aad 100644 --- a/kubenix-modules/radicale.nix +++ b/kubenix-modules/radicale.nix @@ -98,32 +98,14 @@ targetPort = "web"; }; }; + }; - ingresses.radicale = { - metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt"; + lab.ingresses.radicale = { + host = "dav.kun.is"; - spec = { - ingressClassName = "traefik"; - - rules = [{ - host = "dav.kun.is"; - - http.paths = [{ - path = "/"; - pathType = "Prefix"; - - backend.service = { - name = "radicale"; - port.name = "web"; - }; - }]; - }]; - - tls = [{ - secretName = "radicale-tls"; - hosts = [ "dav.kun.is" ]; - }]; - }; + service = { + name = "radicale"; + portName = "web"; }; }; } diff --git a/kubenix-modules/syncthing.nix b/kubenix-modules/syncthing.nix index d682efd..3fc4122 100644 --- a/kubenix-modules/syncthing.nix +++ b/kubenix-modules/syncthing.nix 
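Review bot: Renaming `ingresses.pihole-web` to `lab.ingresses.pihole` changes the Ingress object name from `pihole-web` to `pihole`, while the host and the derived `pihole-tls` secret stay the same. Unless the deploy step prunes objects that disappeared from the generated manifests (not visible in this diff), the old `pihole-web` Ingress may remain in the cluster next to the new one, both claiming `pihole.kun.is`; worth verifying after apply. Since `secretName` is derived as `"${name}-tls"` in `custom/ingress.nix`, a short comment such as `# key must stay "pihole": the TLS secret name is derived from it` would stop a later rename from silently triggering a new certificate request. The enclosing attribute set starts outside the hunk.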
@@ -67,35 +67,15 @@ targetPort = "web"; }; }; + }; - ingresses.syncthing = { - metadata.annotations = { - "cert-manager.io/cluster-issuer" = "letsencrypt"; - "traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure"; - }; + lab.ingresses.syncthing = { + host = "sync.kun.is"; + entrypoint = "localsecure"; - spec = { - ingressClassName = "traefik"; - - rules = [{ - host = "sync.kun.is"; - - http.paths = [{ - path = "/"; - pathType = "Prefix"; - - backend.service = { - name = "syncthing"; - port.name = "web"; - }; - }]; - }]; - - tls = [{ - secretName = "syncthing-tls"; - hosts = [ "sync.kun.is" ]; - }]; - }; + service = { + name = "syncthing"; + portName = "web"; }; }; }