diff --git a/README.md b/README.md index e91a270..29b2186 100644 --- a/README.md +++ b/README.md @@ -71,6 +71,7 @@ Currently, the applications being deployed like this are: - `dnsmasq` - `bind9` - `media` +- `traefik` ## Known bugs diff --git a/flake-parts/kubenix.nix b/flake-parts/kubenix.nix index ff873cb..f253f48 100644 --- a/flake-parts/kubenix.nix +++ b/flake-parts/kubenix.nix @@ -44,7 +44,9 @@ { imports = [ kubenix.modules.k8s + kubenix.modules.helm "${self}/kubenix-modules/custom" + "${self}/kubenix-modules/custom-types.nix" module ]; @@ -102,4 +104,6 @@ "${self}/kubenix-modules/bind9" "bind9" "dns"; kubenix.media = mkDeployScriptAndManifest "${self}/kubenix-modules/media.nix" "media" "media"; + kubenix.traefik = mkDeployScriptAndManifest + "${self}/kubenix-modules/traefik.nix" "traefik" "kube-system"; }) diff --git a/kubenix-modules/all.nix b/kubenix-modules/all.nix index 83a1e2c..4aea28d 100644 --- a/kubenix-modules/all.nix +++ b/kubenix-modules/all.nix @@ -4,12 +4,9 @@ # ./minecraft.nix ./base.nix ./longhorn.nix - ./esrom.nix - ./ek2024.nix ./metallb.nix ./cert-manager.nix ./custom - ./traefik.nix ./volumes.nix ./custom-types.nix ]; diff --git a/kubenix-modules/base.nix b/kubenix-modules/base.nix index dfff269..8e601e3 100644 --- a/kubenix-modules/base.nix +++ b/kubenix-modules/base.nix @@ -36,10 +36,10 @@ includeCRDs = false; }; - argo-workflows = { - chart = nixhelm.chartsDerivations.${system}.argoproj.argo-workflows; - includeCRDs = true; - }; + # argo-workflows = { + # chart = nixhelm.chartsDerivations.${system}.argoproj.argo-workflows; + # includeCRDs = true; + # }; longhorn = { chart = nixhelm.chartsDerivations.${system}.longhorn.longhorn; @@ -76,6 +76,7 @@ inbucket = { }; dns = { }; media = { }; + traefik = { }; }; nodes = diff --git a/kubenix-modules/ek2024.nix b/kubenix-modules/ek2024.nix deleted file mode 100644 index 89b83ea..0000000 --- a/kubenix-modules/ek2024.nix +++ /dev/null 
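Review bot: The new `kubenix.traefik` entry in flake-parts/kubenix.nix passes `"kube-system"` as its last argument, while the second base.nix hunk adds `traefik = { };` next to `dns` and `media`, which look like the namespaces the other deployments target. If that argument is the deploy namespace, the `traefik` namespace is created but never used, and the `ek2024`/`esrom` Services and Ingresses that traefik.nix now carries would land in `kube-system` beside the system components. I would either deploy those application resources to `"traefik"` or drop the `traefik = { };` line. If kube-system is intentional, say so with a comment such as `# kube-system on purpose: the HelmChartConfig has to sit in the chart's namespace`. `mkDeployScriptAndManifest` is defined outside this hunk, so how it applies the namespace is not visible here.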
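Review bot: The `argo-workflows` chart entry in the first base.nix hunk is commented out rather than removed, and nothing records why. Either delete the four lines, since git history keeps them, or put the reason directly above them, e.g. `# argo-workflows disabled: <reason>`. The enclosing attribute set starts and ends outside the hunk.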
@@ -1,22 +0,0 @@
-{
- kubernetes.resources = {
- services.ek2024.spec = {
- type = "ExternalName";
- externalName = "ek2024.dmz";
-
- ports.web = {
- port = 80;
- targetPort = 80;
- };
- };
- };
-
- lab.ingresses.ek2024 = {
- host = "ek2024.kun.is";
-
- service = {
- name = "ek2024";
- portName = "web";
- };
- };
-}
diff --git a/kubenix-modules/esrom.nix b/kubenix-modules/esrom.nix
deleted file mode 100644
index 5c30a71..0000000
--- a/kubenix-modules/esrom.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- kubernetes.resources = {
- services.esrom.spec = {
- type = "ExternalName";
- externalName = "esrom.dmz";
-
- ports.web = {
- port = 80;
- targetPort = 80;
- };
- };
- };
-
- lab.ingresses.esrom = {
- host = "esrom.kun.is";
-
- service = {
- name = "esrom";
- portName = "web";
- };
- };
-}
diff --git a/kubenix-modules/traefik.nix b/kubenix-modules/traefik.nix
index 8cf58ec..293ac24 100644
--- a/kubenix-modules/traefik.nix
+++ b/kubenix-modules/traefik.nix
@@ -1,34 +1,78 @@ { lib, myLib, ... }: { - kubernetes.resources.helmChartConfigs = { - traefik = { - metadata.namespace = "kube-system"; + kubernetes.resources = { + helmChartConfigs = { + traefik = { + metadata.namespace = lib.mkForce "kube-system"; - # Override Traefik's service with a static load balancer IP. - # Create endpoint for HTTPS on port 444. - # Allow external name services for esrom. - spec.valuesContent = lib.generators.toYAML { } { - # service.annotations."metallb.universe.tf/loadBalancerIPs" = myLib.globals.traefikIPv4; - providers.kubernetesIngress.allowExternalNameServices = true; - service.loadBalancerIP = myLib.globals.traefikIPv4; + # Override Traefik's service with a static load balancer IP. + # Create endpoint for HTTPS on port 444. + # Allow external name services for servers in LAN. + spec.valuesContent = lib.generators.toYAML { } { + # service.annotations."metallb.universe.tf/loadBalancerIPs" = myLib.globals.traefikIPv4; + providers.kubernetesIngress.allowExternalNameServices = true; + service.loadBalancerIP = myLib.globals.traefikIPv4; - ports = { - localsecure = { - port = 8444; - expose = true; - exposedPort = 444; - protocol = "TCP"; + ports = { + localsecure = { + port = 8444; + expose = true; + exposedPort = 444; + protocol = "TCP"; - tls = { - enabled = true; - options = ""; - certResolver = ""; - domains = [ ]; + tls = { + enabled = true; + options = ""; + certResolver = ""; + domains = [ ]; + }; }; - }; - web.redirectTo = "websecure"; + web.redirectTo = "websecure"; + }; + }; + }; + }; + + services = { + ek2024.spec = { + type = "ExternalName"; + externalName = "ek2024.dmz"; + + ports.web = { + port = 80; + targetPort = 80; + }; + }; + + esrom.spec = { + type = "ExternalName"; + externalName = "esrom.dmz"; + + ports.web = { + port = 80; + targetPort = 80; }; }; }; }; + + lab.ingresses = { + ek2024 = { + host = "ek2024.kun.is"; + + service = { + name = "ek2024"; + portName = "web"; + }; + }; + + esrom = { + host = "esrom.kun.is"; 
+ + service = { + name = "esrom"; + portName = "web"; + }; + }; + }; }
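Review bot: `providers.kubernetesIngress.allowExternalNameServices = true` is a provider-wide switch, so every Ingress Traefik watches may route to an ExternalName target, not only the `ek2024` and `esrom` services added further down in this hunk. The reworded comment `# Allow external name services for servers in LAN.` reads as if the setting were scoped to those hosts. I would write `# Enables ExternalName backends for ALL Ingresses; restrict who may create Services/Ingresses accordingly.` instead. Both backends are also addressed on `port = 80`, so the hop from Traefik to the `.dmz` hosts appears to be plain HTTP even though `web.redirectTo = "websecure"` enforces TLS on the client side. Confirm that this is acceptable for that network segment and note it next to the service definitions.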