create custom nixos module for k8s ingress

This commit is contained in:
Pim Kunis 2024-04-14 23:11:19 +02:00
parent 4b01eeadbb
commit 4ded27d82e
15 changed files with 193 additions and 483 deletions

View file

@ -21,5 +21,6 @@
./metallb.nix ./metallb.nix
./cert-manager.nix ./cert-manager.nix
./minecraft.nix ./minecraft.nix
./custom/ingress.nix
]; ];
} }

View file

@ -0,0 +1,68 @@
{ lib, config, ... }:
let
ingressOpts = { name, ... }: {
options = {
host = lib.mkOption {
type = lib.types.str;
};
entrypoint = lib.mkOption {
type = lib.types.str;
default = "websecure";
};
service = {
name = lib.mkOption {
type = lib.types.str;
};
portName = lib.mkOption {
type = lib.types.str;
};
};
};
};
in
{
options = {
lab.ingresses = lib.mkOption {
type = with lib.types; attrsOf (submodule ingressOpts);
default = { };
};
};
config = {
kubernetes.resources.ingresses = builtins.mapAttrs
(name: ingress: {
metadata.annotations = {
"cert-manager.io/cluster-issuer" = "letsencrypt";
"traefik.ingress.kubernetes.io/router.entrypoints" = ingress.entrypoint;
};
spec = {
ingressClassName = "traefik";
rules = [{
host = ingress.host;
http.paths = [{
path = "/";
pathType = "Prefix";
backend.service = {
name = ingress.service.name;
port.name = ingress.service.portName;
};
}];
}];
tls = [{
secretName = "${name}-tls";
hosts = [ ingress.host ];
}];
};
})
config.lab.ingresses;
};
}

View file

@ -22,32 +22,14 @@
targetPort = "web"; targetPort = "web";
}; };
}; };
};
ingresses.cyberchef = { lab.ingresses.cyberchef = {
metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt";
spec = {
ingressClassName = "traefik";
rules = [{
host = "cyberchef.kun.is"; host = "cyberchef.kun.is";
http.paths = [{ service = {
path = "/";
pathType = "Prefix";
backend.service = {
name = "cyberchef"; name = "cyberchef";
port.name = "web"; portName = "web";
};
}];
}];
tls = [{
secretName = "cyberchef-tls";
hosts = [ "cyberchef.kun.is" ];
}];
};
}; };
}; };
} }

View file

@ -9,32 +9,14 @@
targetPort = 80; targetPort = 80;
}; };
}; };
};
ingresses.esrom = { lab.ingresses.esrom = {
metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt";
spec = {
ingressClassName = "traefik";
rules = [{
host = "esrom.kun.is"; host = "esrom.kun.is";
http.paths = [{ service = {
path = "/";
pathType = "Prefix";
backend.service = {
name = "esrom"; name = "esrom";
port.name = "web"; portName = "web";
};
}];
}];
tls = [{
secretName = "esrom-tls";
hosts = [ "esrom.kun.is" ];
}];
};
}; };
}; };
} }

View file

@ -196,32 +196,14 @@
}; };
}; };
}; };
};
ingresses.forgejo = { lab.ingresses.forgejo = {
metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt";
spec = {
ingressClassName = "traefik";
rules = [{
host = "git.kun.is"; host = "git.kun.is";
http.paths = [{ service = {
path = "/";
pathType = "Prefix";
backend.service = {
name = "forgejo-web"; name = "forgejo-web";
port.name = "web"; portName = "web";
};
}];
}];
tls = [{
secretName = "forgejo-tls";
hosts = [ "git.kun.is" ];
}];
};
}; };
}; };
} }

View file

@ -73,32 +73,14 @@
targetPort = "web"; targetPort = "web";
}; };
}; };
};
ingresses.freshrss = { lab.ingresses.freshrss = {
metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt";
spec = {
ingressClassName = "traefik";
rules = [{
host = "rss.kun.is"; host = "rss.kun.is";
http.paths = [{ service = {
path = "/";
pathType = "Prefix";
backend.service = {
name = "freshrss"; name = "freshrss";
port.name = "web"; portName = "web";
};
}];
}];
tls = [{
secretName = "freshrss-tls";
hosts = [ "rss.kun.is" ];
}];
};
}; };
}; };
} }

View file

@ -98,32 +98,14 @@
targetPort = "web"; targetPort = "web";
}; };
}; };
};
ingresses.hedgedoc = { lab.ingresses.hedgedoc = {
metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt";
spec = {
ingressClassName = "traefik";
rules = [{
host = "md.kun.is"; host = "md.kun.is";
http.paths = [{ service = {
path = "/";
pathType = "Prefix";
backend.service = {
name = "hedgedoc"; name = "hedgedoc";
port.name = "web"; portName = "web";
};
}];
}];
tls = [{
secretName = "hedgedoc-tls";
hosts = [ "md.kun.is" ];
}];
};
}; };
}; };
} }

View file

@ -44,35 +44,15 @@
}]; }];
}; };
}; };
ingresses.inbucket = {
metadata.annotations = {
"cert-manager.io/cluster-issuer" = "letsencrypt";
"traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure";
}; };
spec = { lab.ingresses.inbucket = {
ingressClassName = "traefik";
rules = [{
host = "inbucket.kun.is"; host = "inbucket.kun.is";
entrypoint = "localsecure";
http.paths = [{ service = {
path = "/";
pathType = "Prefix";
backend.service = {
name = "inbucket-web"; name = "inbucket-web";
port.name = "web"; portName = "web";
};
}];
}];
tls = [{
secretName = "inbucket-tls";
hosts = [ "inbucket.kun.is" ];
}];
};
}; };
}; };
} }

View file

@ -114,32 +114,14 @@
}; };
}; };
}; };
};
ingresses.kitchenowl = { lab.ingresses.kitchenowl = {
metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt";
spec = {
ingressClassName = "traefik";
rules = [{
host = "boodschappen.kun.is"; host = "boodschappen.kun.is";
http.paths = [{ service = {
path = "/";
pathType = "Prefix";
backend.service = {
name = "kitchenowl-web"; name = "kitchenowl-web";
port.name = "web"; portName = "web";
};
}];
}];
tls = [{
secretName = "kitchenowl-tls";
hosts = [ "boodschappen.kun.is" ];
}];
};
}; };
}; };
} }

View file

@ -581,212 +581,75 @@
}; };
}; };
}; };
};
ingresses = { lab.ingresses = {
jellyfin = { jellyfin = {
metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt";
spec = {
ingressClassName = "traefik";
rules = [{
host = "media.kun.is"; host = "media.kun.is";
http.paths = [{ service = {
path = "/";
pathType = "Prefix";
backend.service = {
name = "jellyfin"; name = "jellyfin";
port.name = "web"; portName = "web";
};
}];
}];
tls = [{
secretName = "jellyfin-tls";
hosts = [ "media.kun.is" ];
}];
}; };
}; };
transmission = { transmission = {
metadata.annotations = {
"cert-manager.io/cluster-issuer" = "letsencrypt";
"traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure";
};
spec = {
ingressClassName = "traefik";
rules = [{
host = "transmission.kun.is"; host = "transmission.kun.is";
entrypoint = "localsecure";
http.paths = [{ service = {
path = "/";
pathType = "Prefix";
backend.service = {
name = "transmission-web"; name = "transmission-web";
port.name = "web"; portName = "web";
};
}];
}];
tls = [{
secretName = "transmission-tls";
hosts = [ "transmission.kun.is" ];
}];
}; };
}; };
jellyseerr = { jellyseerr = {
metadata.annotations = {
"cert-manager.io/cluster-issuer" = "letsencrypt";
"traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure";
};
spec = {
ingressClassName = "traefik";
rules = [{
host = "jellyseerr.kun.is"; host = "jellyseerr.kun.is";
entrypoint = "localsecure";
http.paths = [{ service = {
path = "/";
pathType = "Prefix";
backend.service = {
name = "jellyseerr"; name = "jellyseerr";
port.name = "web"; portName = "web";
};
}];
}];
tls = [{
secretName = "jellyseerr-tls";
hosts = [ "jellyseerr.kun.is" ];
}];
}; };
}; };
radarr = { radarr = {
metadata.annotations = {
"cert-manager.io/cluster-issuer" = "letsencrypt";
"traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure";
};
spec = {
ingressClassName = "traefik";
rules = [{
host = "radarr.kun.is"; host = "radarr.kun.is";
entrypoint = "localsecure";
http.paths = [{ service = {
path = "/";
pathType = "Prefix";
backend.service = {
name = "radarr"; name = "radarr";
port.name = "web"; portName = "web";
};
}];
}];
tls = [{
secretName = "radarr-tls";
hosts = [ "radarr.kun.is" ];
}];
}; };
}; };
prowlarr = { prowlarr = {
metadata.annotations = {
"cert-manager.io/cluster-issuer" = "letsencrypt";
"traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure";
};
spec = {
ingressClassName = "traefik";
rules = [{
host = "prowlarr.kun.is"; host = "prowlarr.kun.is";
entrypoint = "localsecure";
http.paths = [{ service = {
path = "/";
pathType = "Prefix";
backend.service = {
name = "prowlarr"; name = "prowlarr";
port.name = "web"; portName = "web";
};
}];
}];
tls = [{
secretName = "prowlarr-tls";
hosts = [ "prowlarr.kun.is" ];
}];
}; };
}; };
sonarr = { sonarr = {
metadata.annotations = {
"cert-manager.io/cluster-issuer" = "letsencrypt";
"traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure";
};
spec = {
ingressClassName = "traefik";
rules = [{
host = "sonarr.kun.is"; host = "sonarr.kun.is";
entrypoint = "localsecure";
http.paths = [{ service = {
path = "/";
pathType = "Prefix";
backend.service = {
name = "sonarr"; name = "sonarr";
port.name = "web"; portName = "web";
};
}];
}];
tls = [{
secretName = "sonarr-tls";
hosts = [ "sonarr.kun.is" ];
}];
}; };
}; };
bazarr = { bazarr = {
metadata.annotations = {
"cert-manager.io/cluster-issuer" = "letsencrypt";
"traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure";
};
spec = {
ingressClassName = "traefik";
rules = [{
host = "bazarr.kun.is"; host = "bazarr.kun.is";
entrypoint = "localsecure";
http.paths = [{ service = {
path = "/";
pathType = "Prefix";
backend.service = {
name = "bazarr"; name = "bazarr";
port.name = "web"; portName = "web";
};
}];
}];
tls = [{
secretName = "bazarr-tls";
hosts = [ "bazarr.kun.is" ];
}];
};
}; };
}; };
}; };

View file

@ -65,32 +65,14 @@
targetPort = "web"; targetPort = "web";
}; };
}; };
};
ingresses.nextcloud = { lab.ingresses.nextcloud = {
metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt";
spec = {
ingressClassName = "traefik";
rules = [{
host = "cloud.kun.is"; host = "cloud.kun.is";
http.paths = [{ service = {
path = "/";
pathType = "Prefix";
backend.service = {
name = "nextcloud"; name = "nextcloud";
port.name = "web"; portName = "web";
};
}];
}];
tls = [{
secretName = "nextcloud-tls";
hosts = [ "cloud.kun.is" ];
}];
};
}; };
}; };
} }

View file

@ -168,32 +168,14 @@
}; };
}; };
}; };
};
ingresses.paperless-ngx = { lab.ingresses.paperless-ngx = {
metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt";
spec = {
ingressClassName = "traefik";
rules = [{
host = "paperless.kun.is"; host = "paperless.kun.is";
http.paths = [{ service = {
path = "/";
pathType = "Prefix";
backend.service = {
name = "paperless-ngx-web"; name = "paperless-ngx-web";
port.name = "web"; portName = "web";
};
}];
}];
tls = [{
secretName = "paperless-ngx-tls";
hosts = [ "paperless.kun.is" ];
}];
};
}; };
}; };
} }

View file

@ -116,35 +116,15 @@
}; };
}; };
}; };
ingresses.pihole-web = {
metadata.annotations = {
"cert-manager.io/cluster-issuer" = "letsencrypt";
"traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure";
}; };
spec = { lab.ingresses.pihole = {
ingressClassName = "traefik";
rules = [{
host = "pihole.kun.is"; host = "pihole.kun.is";
entrypoint = "localsecure";
http.paths = [{ service = {
path = "/";
pathType = "Prefix";
backend.service = {
name = "pihole-web"; name = "pihole-web";
port.name = "web"; portName = "web";
};
}];
}];
tls = [{
secretName = "pihole-tls";
hosts = [ "pihole.kun.is" ];
}];
};
}; };
}; };
} }

View file

@ -98,32 +98,14 @@
targetPort = "web"; targetPort = "web";
}; };
}; };
};
ingresses.radicale = { lab.ingresses.radicale = {
metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt";
spec = {
ingressClassName = "traefik";
rules = [{
host = "dav.kun.is"; host = "dav.kun.is";
http.paths = [{ service = {
path = "/";
pathType = "Prefix";
backend.service = {
name = "radicale"; name = "radicale";
port.name = "web"; portName = "web";
};
}];
}];
tls = [{
secretName = "radicale-tls";
hosts = [ "dav.kun.is" ];
}];
};
}; };
}; };
} }

View file

@ -67,35 +67,15 @@
targetPort = "web"; targetPort = "web";
}; };
}; };
ingresses.syncthing = {
metadata.annotations = {
"cert-manager.io/cluster-issuer" = "letsencrypt";
"traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure";
}; };
spec = { lab.ingresses.syncthing = {
ingressClassName = "traefik";
rules = [{
host = "sync.kun.is"; host = "sync.kun.is";
entrypoint = "localsecure";
http.paths = [{ service = {
path = "/";
pathType = "Prefix";
backend.service = {
name = "syncthing"; name = "syncthing";
port.name = "web"; portName = "web";
};
}];
}];
tls = [{
secretName = "syncthing-tls";
hosts = [ "sync.kun.is" ];
}];
};
}; };
}; };
} }