diff --git a/docker_swarm/playbooks/stacks.yml b/docker_swarm/playbooks/stacks.yml
index dac1960..4329372 100644
--- a/docker_swarm/playbooks/stacks.yml
+++ b/docker_swarm/playbooks/stacks.yml
@@ -8,7 +8,6 @@
 - {role: swarm_dashboard, tags: swarm_dashboard}
 - {role: pihole, tags: pihole}
 - {role: nextcloud, tags: nextcloud}
- - {role: syncthing, tags: syncthing}
 - {role: kitchenowl, tags: kitchenowl}
 - {role: paperless-ngx, tags: paperless-ngx}
 - {role: media, tags: media}
diff --git a/docker_swarm/roles/traefik/docker-stack.yml.j2 b/docker_swarm/roles/traefik/docker-stack.yml.j2
index 97aee88..05a8132 100644
--- a/docker_swarm/roles/traefik/docker-stack.yml.j2
+++ b/docker_swarm/roles/traefik/docker-stack.yml.j2
@@ -78,6 +78,12 @@ services:
 - traefik.http.routers.radicale.rule=Host(`dav.kun.is`)
 - traefik.http.routers.radicale.tls=true
 - traefik.http.routers.radicale.tls.certresolver=letsencrypt
+
+ - traefik.http.routers.syncthing.entrypoints=localsecure
+ - traefik.http.routers.syncthing.service=k3s@file
+ - traefik.http.routers.syncthing.rule=Host(`sync.kun.is`)
+ - traefik.http.routers.syncthing.tls=true
+ - traefik.http.routers.syncthing.tls.certresolver=letsencrypt
 volumes:
 - type: bind
 source: /var/run/docker.sock
diff --git a/nix/flake/kubenix/default.nix b/nix/flake/kubenix/default.nix
index 0bc0522..1b69ab5 100644
--- a/nix/flake/kubenix/default.nix
+++ b/nix/flake/kubenix/default.nix
@@ -12,6 +12,8 @@
 ./kms.nix
 ./inbucket.nix
 ./radicale.nix
+ ./syncthing.nix
+ ./nextcloud.nix
 ];
 kubernetes.kubeconfig = "~/.kube/config";
 kubenix.project = "home";
diff --git a/nix/flake/kubenix/nextcloud.nix b/nix/flake/kubenix/nextcloud.nix
new file mode 100644
index 0000000..7d9f3f2
--- /dev/null
+++ b/nix/flake/kubenix/nextcloud.nix
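Review bot: The new `syncthing` router labels in docker-stack.yml.j2 attach no middleware, so access to the Syncthing GUI at `sync.kun.is` rests entirely on what the `localsecure` entrypoint admits and on Syncthing's own GUI login. The entrypoint and the `k3s@file` service are defined outside this hunk; if the entrypoint is not already limited to the local network, an explicit label such as `- traefik.http.routers.syncthing.middlewares=<allowlist-middleware>@file` (placeholder name) would put the restriction on the router itself. A one-line comment above the block, e.g. `# syncthing GUI: LAN-only via localsecure, forwarded to k3s`, would record that intent for whoever adds the next router here.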
@@ -0,0 +1,20 @@
+{
+ kubernetes.resources = {
+ persistentVolumes.nextcloud.spec = {
+ capacity.storage = "1Mi";
+ accessModes = [ "ReadWriteMany" ];
+
+ nfs = {
+ server = "lewis.hyp";
+ path = "/mnt/data/nfs/nextcloud/data";
+ };
+ };
+
+ persistentVolumeClaims.nextcloud.spec = {
+ accessModes = [ "ReadWriteMany" ];
+ storageClassName = "";
+ resources.requests.storage = "1Mi";
+ volumeName = "nextcloud";
+ };
+ };
+}
diff --git a/nix/flake/kubenix/syncthing.nix b/nix/flake/kubenix/syncthing.nix
new file mode 100644
index 0000000..d16ce4d
--- /dev/null
+++ b/nix/flake/kubenix/syncthing.nix
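Review bot: `persistentVolumes.nextcloud.spec` carries no `claimRef`, so the binding is only requested from the claim side through `volumeName`; another claim with an empty storage class and a matching access mode could bind this volume first and end up with the Nextcloud data export. Reserving the volume on the PV side closes that gap: `claimRef = { name = "nextcloud"; namespace = "<namespace>"; };` (the namespace is not visible in this diff). The same applies to `persistentVolumes.syncthing` in syncthing.nix. A short comment that `"1Mi"` is a placeholder, since the capacity of an NFS volume is not enforced, would keep it from being read as a real quota.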
@@ -0,0 +1,100 @@
+{
+ kubernetes.resources = {
+ configMaps.syncthing.data = {
+ PUID = "33";
+ PGID = "33";
+ TZ = "Europe/Amsterdam";
+ };
+
+ deployments.syncthing = {
+ metadata.labels.app = "syncthing";
+
+ spec = {
+ selector.matchLabels.app = "syncthing";
+
+ template = {
+ metadata.labels.app = "syncthing";
+
+ spec = {
+ containers.syncthing = {
+ image = "lscr.io/linuxserver/syncthing:1.23.6";
+ envFrom = [{ configMapRef.name = "syncthing"; }];
+
+ ports = [{
+ containerPort = 8384;
+ protocol = "TCP";
+ }];
+
+ volumeMounts = [
+ {
+ name = "config";
+ mountPath = "/config";
+ }
+ {
+ name = "nextcloud-data";
+ mountPath = "/data";
+ }
+ ];
+ };
+
+ volumes = [
+ {
+ name = "config";
+ persistentVolumeClaim.claimName = "syncthing";
+ }
+ {
+ name = "nextcloud-data";
+ persistentVolumeClaim.claimName = "nextcloud";
+ }
+ ];
+ };
+ };
+ };
+ };
+
+ persistentVolumes.syncthing.spec = {
+ capacity.storage = "1Mi";
+ accessModes = [ "ReadWriteMany" ];
+
+ nfs = {
+ server = "lewis.hyp";
+ path = "/mnt/data/nfs/syncthing/config";
+ };
+ };
+
+ persistentVolumeClaims.syncthing.spec = {
+ accessModes = [ "ReadWriteMany" ];
+ storageClassName = "";
+ resources.requests.storage = "1Mi";
+ volumeName = "syncthing";
+ };
+
+ services.syncthing.spec = {
+ selector.app = "syncthing";
+
+ ports = [{
+ protocol = "TCP";
+ port = 80;
+ targetPort = 8384;
+ }];
+ };
+
+ ingresses.syncthing.spec = {
+ ingressClassName = "traefik";
+
+ rules = [{
+ host = "sync.kun.is";
+
+ http.paths = [{
+ path = "/";
+ pathType = "Prefix";
+
+ backend.service = {
+ name = "syncthing";
+ port.number = 80;
+ };
+ }];
+ }];
+ };
+ };
+}
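Review bot: The `nextcloud-data` mount at `/data` gives the Syncthing container read-write access to the whole Nextcloud data export, while the same container's GUI on port 8384 is published through the `sync.kun.is` ingress; unless GUI authentication is configured in the `/config` volume, whoever reaches that hostname can read or alter every Nextcloud user's files. If only part of the tree needs syncing, narrowing the mount with `subPath = "<synced-directory>";` (placeholder) limits the exposure, and a comment on the ingress should state that GUI credentials must be set before it is applied. `containers.syncthing` also has no `securityContext` or `resources` block; `securityContext.allowPrivilegeEscalation = false;` is worth trying, though whether this image's init tolerates it needs testing. The image is pinned by tag only (`1.23.6`); appending `@sha256:<digest>` would make the pull immutable.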