diff --git a/flake-parts/kubenix-deploy.sh b/flake-parts/kubenix-deploy.sh new file mode 100755 index 0000000..d6cf7b9 --- /dev/null +++ b/flake-parts/kubenix-deploy.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash + +set -euo pipefail +IFS=$'\n\t' + +export KUBECTL_APPLYSET=true +vals eval -fail-on-missing-key-in-map <$MANIFEST | kubectl apply -f - --prune --applyset $APPLYSET --namespace $NAMESPACE diff --git a/flake-parts/kubenix.nix b/flake-parts/kubenix.nix index d3774a3..8cbc485 100644 --- a/flake-parts/kubenix.nix +++ b/flake-parts/kubenix.nix @@ -1,4 +1,4 @@ -{ self, machines, dns, myLib, flake-utils, kubenix, nixhelm, blog-pim, ... }: flake-utils.lib.eachDefaultSystem +{ self, pkgs, machines, dns, myLib, flake-utils, kubenix, nixhelm, blog-pim, ... }: flake-utils.lib.eachDefaultSystem (system: let mkKubenixPackage = module: kubenix.packages.${system}.default.override 
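Review bot: The three expansions on the last line of kubenix-deploy.sh (`<$MANIFEST`, `--applyset $APPLYSET`, `--namespace $NAMESPACE`) are unquoted. `IFS=$'\n\t'` stops splitting on spaces but not on tabs or newlines, and pathname expansion still applies, so a value containing a glob character or a newline changes the kubectl argument list. Quote them: `vals eval -fail-on-missing-key-in-map <"$MANIFEST" | kubectl apply -f - --prune --applyset "$APPLYSET" --namespace "$NAMESPACE"`. Because `--prune` deletes ApplySet members that are missing from the rendered manifest, a header comment would help anyone running the script by hand, for example `# Expects MANIFEST, APPLYSET, NAMESPACE (and KUBECONFIG) from the Nix wrapper; prunes objects no longer in MANIFEST.`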
@@ -6,8 +6,57 @@ specialArgs = { inherit myLib kubenix nixhelm system dns blog-pim machines; }; module = { imports = [ module ]; }; }; + + deployScript = (pkgs.writeScriptBin "kubenix" (builtins.readFile ./kubenix-deploy.sh)).overrideAttrs (old: { + buildCommand = "${old.buildCommand}\npatchShebangs $out"; + }); + + mkDeployScript = kubernetes: applyset: namespace: + let + kubeconfig = kubernetes.kubeconfig or ""; + result = kubernetes.result or ""; + + wrappedDeployScript = pkgs.symlinkJoin + { + name = "kubenix"; + paths = [ deployScript pkgs.vals pkgs.kubectl ]; + buildInputs = [ pkgs.makeWrapper ]; + passthru.manifest = result; + + postBuild = '' + wrapProgram $out/bin/kubenix \ + --suffix PATH : "$out/bin" \ + --run 'export KUBECONFIG=''${KUBECONFIG:-${toString kubeconfig}}' \ + --set MANIFEST '${result}' \ + --set APPLYSET '${applyset}' \ + --set NAMESPACE '${namespace}' + ''; + }; + in + wrappedDeployScript; + + mkDeployScriptAndManifest = module: applyset: namespace: + let + kubernetes = (kubenix.evalModules.${system} { + module = { kubenix, ... }: + { + imports = [ + kubenix.modules.k8s + "${self}/kubenix-modules/custom" + module + ]; + }; + }).config.kubernetes; + in + { + manifest = kubernetes.result; + deploy = mkDeployScript kubernetes applyset namespace; + }; in { - kubenix = mkKubenixPackage "${self}/kubenix-modules/all.nix"; - kubenix-bootstrap = mkKubenixPackage "${self}/kubenix-modules/base.nix"; + kubenix.all.deploy = mkKubenixPackage "${self}/kubenix-modules/all.nix"; + kubenix.bootstrap.deploy = mkKubenixPackage "${self}/kubenix-modules/base.nix"; + + kubenix.cyberchef = mkDeployScriptAndManifest + "${self}/kubenix-modules/cyberchef.nix" "cyberchef" "cyberchef"; }) diff --git a/kubenix-modules/all.nix b/kubenix-modules/all.nix index eb470c4..98a05a4 100644 --- a/kubenix-modules/all.nix +++ b/kubenix-modules/all.nix @@ -1,7 +1,7 @@ let applications = [ ./freshrss.nix - ./cyberchef.nix + # ./cyberchef.nix ./kms.nix ./inbucket.nix ./radicale.nix 
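Review bot: In `mkDeployScript`, `kubeconfig = kubernetes.kubeconfig or ""` together with `''${KUBECONFIG:-${toString kubeconfig}}` leaves KUBECONFIG empty when neither the module nor the caller's environment sets it. kubectl then presumably falls back to its default config and current context, which is where the script's `apply --prune` would run. The caller's ambient KUBECONFIG also takes precedence over the value pinned in the module, so a shell still pointing at another cluster wins. Consider refusing to run without an explicit target, e.g. emitting `--run ': "''${KUBECONFIG:?no kubeconfig set for this deployment}"'` when `kubeconfig == ""`. Separately, `result`, `applyset` and `namespace` are spliced into hand-written single quotes; `--set NAMESPACE ${pkgs.lib.escapeShellArg namespace}` (and the same for the other two) stops a quote in a value from breaking the wrapper.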
@@ -31,9 +31,7 @@ in ./ek2024.nix ./metallb.nix ./cert-manager.nix - ./custom/ingress.nix - ./custom/nfs-volume.nix - ./custom/longhorn-volume.nix + ./custom ./traefik.nix ./volumes.nix ./custom-types.nix diff --git a/kubenix-modules/base.nix b/kubenix-modules/base.nix index 018f126..7f422f4 100644 --- a/kubenix-modules/base.nix +++ b/kubenix-modules/base.nix @@ -59,15 +59,17 @@ }; }; - resources.nodes = - let - machinesWithKubernetesLabels = lib.filterAttrs (name: machine: machine.kubernetesNodeLabels != null) machines; - in - builtins.mapAttrs - (name: machine: { - metadata.labels = machine.kubernetesNodeLabels; - }) - machinesWithKubernetesLabels; + resources = { + nodes = + let + machinesWithKubernetesLabels = lib.filterAttrs (name: machine: machine.kubernetesNodeLabels != null) machines; + in + builtins.mapAttrs + (name: machine: { + metadata.labels = machine.kubernetesNodeLabels; + }) + machinesWithKubernetesLabels; + }; }; }; } diff --git a/kubenix-modules/custom/default.nix b/kubenix-modules/custom/default.nix new file mode 100644 index 0000000..d21b916 --- /dev/null +++ b/kubenix-modules/custom/default.nix @@ -0,0 +1,7 @@ +{ + imports = [ + ./ingress.nix + ./longhorn-volume.nix + ./nfs-volume.nix + ]; +} diff --git a/kubenix-modules/cyberchef.nix b/kubenix-modules/cyberchef.nix index 19c2578..2e25d32 100644 --- a/kubenix-modules/cyberchef.nix +++ b/kubenix-modules/cyberchef.nix 
@@ -1,35 +1,45 @@ { - kubernetes.resources = { - deployments.cyberchef.spec = { - replicas = 3; - selector.matchLabels.app = "cyberchef"; + config = { + kubenix.project = "cyberchef"; - template = { - metadata.labels.app = "cyberchef"; + kubernetes = { + namespace = "cyberchef"; - spec.containers.cyberchef = { - image = "mpepping/cyberchef"; - ports.web.containerPort = 8000; + resources = { + namespaces.cyberchef = { }; + + deployments.cyberchef.spec = { + replicas = 3; + selector.matchLabels.app = "cyberchef"; + + template = { + metadata.labels.app = "cyberchef"; + + spec.containers.cyberchef = { + image = "mpepping/cyberchef"; + ports.web.containerPort = 8000; + }; + }; + }; + + services.cyberchef.spec = { + selector.app = "cyberchef"; + + ports.web = { + port = 80; + targetPort = "web"; + }; }; }; }; - services.cyberchef.spec = { - selector.app = "cyberchef"; + lab.ingresses.cyberchef = { + host = "cyberchef.kun.is"; - ports.web = { - port = 80; - targetPort = "web"; + service = { + name = "cyberchef"; + portName = "web"; }; }; }; - - lab.ingresses.cyberchef = { - host = "cyberchef.kun.is"; - - service = { - name = "cyberchef"; - portName = "web"; - }; - }; }
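Review bot: `image = "mpepping/cyberchef";` in the deployment template has no tag or digest, so each of the three replicas pulls whatever the registry currently serves as `latest`. The manifest is therefore not reproducible at the one place that decides which code runs. The line is carried over from the old file, but now that the module gets its own namespace and deploy script this is a good moment to pin it, e.g. `image = "mpepping/cyberchef@sha256:<digest>";` (placeholder digest). The container spec in this hunk also sets no `securityContext` or resource limits; whether defaults are applied elsewhere is not visible here.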