use kubenix to create cyberchef resources

2024-03-23 17:24:39 +01:00 · 2024-03-23 17:24:39 +01:00 · 9e04839c5a
commit 9e04839c5a
parent aa98851cef
5 changed files with 67 additions and 54 deletions
--- a/docker_swarm/playbooks/stacks.yml
+++ b/docker_swarm/playbooks/stacks.yml
@ -5,9 +5,7 @@
    - {role: traefik, tags: traefik}
    - {role: forgejo, tags: forgejo}
    - {role: radicale, tags: radicale}
-    - {role: freshrss, tags: freshrss}
    - {role: hedgedoc, tags: hedgedoc}
-    - {role: cyberchef, tags: cyberchef}
    - {role: inbucket, tags: inbucket}
    - {role: kms, tags: kms}
    - {role: swarm_dashboard, tags: swarm_dashboard}
--- a/flake.nix
+++ b/flake.nix
@ -47,6 +47,7 @@
      ./nix/flake/checks.nix
      ./nix/flake/deploy.nix
      ./nix/flake/nixos.nix
+      ./nix/flake/kubenix.nix
    ] // (flake-utils.lib.eachDefaultSystem (system: {
      formatter = nixpkgs.legacyPackages.${system}.nixfmt;
    }));
--- a/kubernetes/cyberchef.yaml
+++ b/kubernetes/cyberchef.yaml
@ -1,52 +0,0 @@
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: cyberchef
-  labels:
-    app: cyberchef
-spec:
-  replicas: 3
-  selector:
-    matchLabels:
-      app: cyberchef
-  template:
-    metadata:
-      labels:
-        app: cyberchef
-    spec:
-      containers:
-      - name: cyberchef
-        image: mpepping/cyberchef
-        ports:
-        - containerPort: 8000
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: cyberchef
-spec:
-  selector:
-    app: cyberchef
-  ports:
-    - protocol: TCP
-      port: 80
-      targetPort: 8000
---
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: cyberchef
-spec:
-  ingressClassName: traefik
-  rules:
-  - host: cyberchef.kun.is
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: cyberchef
-            port:
-              number: 80
--- a/kubernetes/kubenix-namespace.yaml
+++ b/kubernetes/kubenix-namespace.yaml
@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kubenix
--- a/nix/flake/kubenix.nix
+++ b/nix/flake/kubenix.nix
@ -0,0 +1,62 @@
+{ self, flake-utils, kubenix, ... }: flake-utils.lib.eachDefaultSystem
+  (system: {
+    kubenix = kubenix.packages.${system}.default.override {
+      specialArgs.flake = self;
+
+      module = { kubenix, ... }: {
+        imports = [ kubenix.modules.k8s ];
+        kubernetes.kubeconfig = "~/.kube/config";
+        kubenix.project = "home";
+
+        kubernetes.resources = {
+          deployments.cyberchef.spec = {
+            replicas = 3;
+            selector.matchLabels.app = "cyberchef";
+
+            template = {
+              metadata.labels.app = "cyberchef";
+
+              spec = {
+                containers.cyberchef = {
+                  image = "mpepping/cyberchef";
+
+                  ports = [{
+                    containerPort = 8000;
+                    protocol = "TCP";
+                  }];
+                };
+              };
+            };
+          };
+
+          services.cyberchef.spec = {
+            selector.app = "cyberchef";
+
+            ports = [{
+              protocol = "TCP";
+              port = 80;
+              targetPort = 8000;
+            }];
+          };
+
+          ingresses.cyberchef.spec = {
+            ingressClassName = "traefik";
+
+            rules = [{
+              host = "cyberchef.kun.is";
+
+              http.paths = [{
+                path = "/";
+                pathType = "Prefix";
+
+                backend.service = {
+                  name = "cyberchef";
+                  port.number = 80;
+                };
+              }];
+            }];
+          };
+        };
+      };
+    };
+  })