use kubenix to create cyberchef resources

This commit is contained in:
Pim Kunis 2024-03-23 17:24:39 +01:00
parent aa98851cef
commit 9e04839c5a
5 changed files with 67 additions and 54 deletions

View file

@ -5,9 +5,7 @@
- {role: traefik, tags: traefik} - {role: traefik, tags: traefik}
- {role: forgejo, tags: forgejo} - {role: forgejo, tags: forgejo}
- {role: radicale, tags: radicale} - {role: radicale, tags: radicale}
- {role: freshrss, tags: freshrss}
- {role: hedgedoc, tags: hedgedoc} - {role: hedgedoc, tags: hedgedoc}
- {role: cyberchef, tags: cyberchef}
- {role: inbucket, tags: inbucket} - {role: inbucket, tags: inbucket}
- {role: kms, tags: kms} - {role: kms, tags: kms}
- {role: swarm_dashboard, tags: swarm_dashboard} - {role: swarm_dashboard, tags: swarm_dashboard}

View file

@ -47,6 +47,7 @@
./nix/flake/checks.nix ./nix/flake/checks.nix
./nix/flake/deploy.nix ./nix/flake/deploy.nix
./nix/flake/nixos.nix ./nix/flake/nixos.nix
./nix/flake/kubenix.nix
] // (flake-utils.lib.eachDefaultSystem (system: { ] // (flake-utils.lib.eachDefaultSystem (system: {
formatter = nixpkgs.legacyPackages.${system}.nixfmt; formatter = nixpkgs.legacyPackages.${system}.nixfmt;
})); }));

View file

@ -1,52 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cyberchef
labels:
app: cyberchef
spec:
replicas: 3
selector:
matchLabels:
app: cyberchef
template:
metadata:
labels:
app: cyberchef
spec:
containers:
- name: cyberchef
image: mpepping/cyberchef
ports:
- containerPort: 8000
---
apiVersion: v1
kind: Service
metadata:
name: cyberchef
spec:
selector:
app: cyberchef
ports:
- protocol: TCP
port: 80
targetPort: 8000
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: cyberchef
spec:
ingressClassName: traefik
rules:
- host: cyberchef.kun.is
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: cyberchef
port:
number: 80

View file

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: kubenix

62
nix/flake/kubenix.nix Normal file
View file

@ -0,0 +1,62 @@
{ self, flake-utils, kubenix, ... }: flake-utils.lib.eachDefaultSystem
(system: {
kubenix = kubenix.packages.${system}.default.override {
specialArgs.flake = self;
module = { kubenix, ... }: {
imports = [ kubenix.modules.k8s ];
kubernetes.kubeconfig = "~/.kube/config";
kubenix.project = "home";
kubernetes.resources = {
deployments.cyberchef.spec = {
replicas = 3;
selector.matchLabels.app = "cyberchef";
template = {
metadata.labels.app = "cyberchef";
spec = {
containers.cyberchef = {
image = "mpepping/cyberchef";
ports = [{
containerPort = 8000;
protocol = "TCP";
}];
};
};
};
};
services.cyberchef.spec = {
selector.app = "cyberchef";
ports = [{
protocol = "TCP";
port = 80;
targetPort = 8000;
}];
};
ingresses.cyberchef.spec = {
ingressClassName = "traefik";
rules = [{
host = "cyberchef.kun.is";
http.paths = [{
path = "/";
pathType = "Prefix";
backend.service = {
name = "cyberchef";
port.number = 80;
};
}];
}];
};
};
};
};
})