From f961fc24ea4def9f079a0e9ef5ee18c7f32a21da Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Wed, 24 Jul 2024 21:25:51 +0200 Subject: [PATCH] feat: Expose Radicale, Paperless and FreshRSS only on Tailscale fix: Fix flake output names --- README.md | 6 +++--- flake-parts/kubenix.nix | 14 +++++--------- kubenix-modules/freshrss.nix | 14 ++++++-------- kubenix-modules/inbucket.nix | 1 - kubenix-modules/paperless.nix | 15 +++++++-------- kubenix-modules/radicale.nix | 14 ++++++-------- my-lib/globals.nix | 3 +++ 7 files changed, 30 insertions(+), 37 deletions(-) diff --git a/README.md b/README.md index 6b74f72..a626806 100644 --- a/README.md +++ b/README.md @@ -49,12 +49,12 @@ Each applyset is responsible for a set number of resources within a namespace. If the cluster has not been initialized yet, we must bootstrap it first. Run these deployments: -- `nix run '.#bootstrap-default.deploy'` -- `nix run '.#bootstrap-kube-system.deploy'` +- `nix run '.#bootstrap-default'` +- `nix run '.#bootstrap-kube-system'` Now the cluster has been initialized and we can deploy applications. To explore which applications we can deploy, run `nix flake show`. -Then, for each application, run `nix run '.#.deploy'`. +Then, for each application, run `nix run '.#'`. ## Known bugs diff --git a/flake-parts/kubenix.nix b/flake-parts/kubenix.nix index 8893c62..b2cb229 100644 --- a/flake-parts/kubenix.nix +++ b/flake-parts/kubenix.nix @@ -25,10 +25,7 @@ }; }).config.kubernetes; - mkManifest = name: { module, namespace }: - { - manifest = (mkKubernetes name module namespace).result; - }; + mkManifest = name: { module, namespace }: (mkKubernetes name module namespace).result; mkDeployApp = name: { module, namespace }: let @@ -55,10 +52,8 @@ }; in { - deploy = { - type = "app"; - program = "${pkgs.lib.getExe wrappedDeployScript}"; - }; + type = "app"; + program = "${pkgs.lib.getExe wrappedDeployScript}"; }; deployers = { 
@@ -184,5 +179,6 @@ }; in { - apps = pkgs.lib.mergeAttrs (builtins.mapAttrs mkDeployApp deployers) (builtins.mapAttrs mkManifest deployers); + apps = builtins.mapAttrs mkDeployApp deployers; + packages = builtins.mapAttrs mkManifest deployers; }) diff --git a/kubenix-modules/freshrss.nix b/kubenix-modules/freshrss.nix index 0da1ce0..9d229c6 100644 --- a/kubenix-modules/freshrss.nix +++ b/kubenix-modules/freshrss.nix @@ -1,4 +1,4 @@ -{ +{ myLib, ... }: { kubernetes.resources = { secrets.server.stringData.adminPassword = "ref+sops://secrets/kubernetes.yaml#/freshrss/password"; @@ -57,6 +57,8 @@ }; services.server.spec = { + type = "LoadBalancer"; + loadBalancerIP = myLib.globals.freshrssIPv4; selector.app = "freshrss"; ports.web = { @@ -67,13 +69,9 @@ }; lab = { - ingresses.web = { - host = "rss.kun.is"; - - service = { - name = "server"; - portName = "web"; - }; + tailscaleIngresses.tailscale = { + host = "freshrss"; + service.name = "server"; }; longhorn.persistentVolumeClaim.data = { diff --git a/kubenix-modules/inbucket.nix b/kubenix-modules/inbucket.nix index d9c2087..909c236 100644 --- a/kubenix-modules/inbucket.nix +++ b/kubenix-modules/inbucket.nix @@ -52,7 +52,6 @@ service.name = "inbucket"; }; - ingresses.inbucket = { host = "inbucket.kun.is"; entrypoint = "localsecure"; diff --git a/kubenix-modules/paperless.nix b/kubenix-modules/paperless.nix index 35caecd..6457e0c 100644 --- a/kubenix-modules/paperless.nix +++ b/kubenix-modules/paperless.nix @@ -1,4 +1,4 @@ -{ +{ myLib, ... }: { kubernetes.resources = { secrets = { database.stringData.password = "ref+sops://secrets/kubernetes.yaml#/paperless/databasePassword"; @@ -170,6 +170,9 @@ services = { web.spec = { + type = "LoadBalancer"; + loadBalancerIP = myLib.globals.paperlessIPv4; + selector = { app = "paperless"; component = "web"; 
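Review bot: The two lines added to `services.server.spec` in `kubenix-modules/freshrss.nix`, `type = "LoadBalancer";` and `loadBalancerIP = myLib.globals.freshrssIPv4;`, give FreshRSS a fixed LAN address (one of the `192.168.30.x` values added in `my-lib/globals.nix`), so the Tailscale ingress is not the only way in, despite the commit title's "only on Tailscale". The same pair is added to `services.web.spec` in `paperless.nix` and to `services.server.spec` in `radicale.nix`. Clients using that address reach the pod port directly, presumably without the TLS and host routing that the removed `ingresses.web` entry provided. If `tailscaleIngresses` can target a plain ClusterIP service through `service.name`, drop both lines in all three modules; if LAN access is intended, say so with a comment such as `# also reachable on the LAN at this address: <reason>` and restrict who can reach it. The `spec` block continues past the end of this hunk, so the port definition is not visible here.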
@@ -208,13 +211,9 @@ }; lab = { - ingresses.web = { - host = "paperless.kun.is"; - - service = { - name = "web"; - portName = "web"; - }; + tailscaleIngresses.tailscale = { + host = "paperless"; + service.name = "web"; }; longhorn.persistentVolumeClaim = { diff --git a/kubenix-modules/radicale.nix b/kubenix-modules/radicale.nix index ab2301d..447637a 100644 --- a/kubenix-modules/radicale.nix +++ b/kubenix-modules/radicale.nix @@ -1,4 +1,4 @@ -{ lib, ... }: { +{ lib, myLib, ... }: { kubernetes.resources = { configMaps.server.data = { users = "pim:$apr1$GUiTihkS$dDCkaUxFx/O86m6NCy/yQ."; @@ -86,6 +86,8 @@ }; services.server.spec = { + type = "LoadBalancer"; + loadBalancerIP = myLib.globals.radicaleIPv4; selector.app = "radicale"; ports.web = { @@ -96,13 +98,9 @@ }; lab = { - ingresses.web = { - host = "dav.kun.is"; - - service = { - name = "server"; - portName = "web"; - }; + tailscaleIngresses.tailscale = { + host = "radicale"; + service.name = "server"; }; longhorn.persistentVolumeClaim.data = { diff --git a/my-lib/globals.nix b/my-lib/globals.nix index e9a5806..d868d4a 100644 --- a/my-lib/globals.nix +++ b/my-lib/globals.nix @@ -20,4 +20,7 @@ prowlarrIPv4 = "192.168.30.141"; sonarrIPv4 = "192.168.30.142"; bazarrIPv4 = "192.168.30.143"; + paperlessIPv4 = "192.168.30.144"; + radicaleIPv4 = "192.168.30.145"; + freshrssIPv4 = "192.168.30.146"; }
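Review bot: The `users = "pim:$apr1$…"` line, shown as context just below the changed argument line in `kubenix-modules/radicale.nix`, keeps an htpasswd entry with an MD5-based `$apr1$` hash in a ConfigMap and in the repository. `freshrss.nix` and `paperless.nix` instead read their credentials through `ref+sops://` references under `secrets`. ConfigMap data is readable by anything with ConfigMap read access in the namespace, and this hash format is cheap to attack offline once it leaks. Since this commit already reworks how Radicale is exposed, consider moving the entry to a secret, for example `secrets.server.stringData.users = "ref+sops://secrets/kubernetes.yaml#/<radicale-users-key>";`, and regenerating it with a stronger htpasswd scheme such as bcrypt, with Radicale's htpasswd encryption setting changed to match. The `configMaps.server.data` block continues outside the hunk, so how the file is mounted is not visible here.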