feat: Expose Radicale, Paperless and FreshRSS only on Tailscale
fix: Fix flake output names
This commit is contained in:
parent
4e619eb0c4
commit
f961fc24ea
7 changed files with 30 additions and 37 deletions
|
@ -49,12 +49,12 @@ Each applyset is responsible for a set number of resources within a namespace.
|
||||||
|
|
||||||
If the cluster has not been initialized yet, we must bootstrap it first.
|
If the cluster has not been initialized yet, we must bootstrap it first.
|
||||||
Run these deployments:
|
Run these deployments:
|
||||||
- `nix run '.#bootstrap-default.deploy'`
|
- `nix run '.#bootstrap-default'`
|
||||||
- `nix run '.#bootstrap-kube-system.deploy'`
|
- `nix run '.#bootstrap-kube-system'`
|
||||||
|
|
||||||
Now the cluster has been initialized and we can deploy applications.
|
Now the cluster has been initialized and we can deploy applications.
|
||||||
To explore which applications we can deploy, run `nix flake show`.
|
To explore which applications we can deploy, run `nix flake show`.
|
||||||
Then, for each application, run `nix run '.#<application>.deploy'`.
|
Then, for each application, run `nix run '.#<application>'`.
|
||||||
|
|
||||||
## Known bugs
|
## Known bugs
|
||||||
|
|
||||||
|
|
|
@ -25,10 +25,7 @@
|
||||||
};
|
};
|
||||||
}).config.kubernetes;
|
}).config.kubernetes;
|
||||||
|
|
||||||
mkManifest = name: { module, namespace }:
|
mkManifest = name: { module, namespace }: (mkKubernetes name module namespace).result;
|
||||||
{
|
|
||||||
manifest = (mkKubernetes name module namespace).result;
|
|
||||||
};
|
|
||||||
|
|
||||||
mkDeployApp = name: { module, namespace }:
|
mkDeployApp = name: { module, namespace }:
|
||||||
let
|
let
|
||||||
|
@ -55,11 +52,9 @@
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
deploy = {
|
|
||||||
type = "app";
|
type = "app";
|
||||||
program = "${pkgs.lib.getExe wrappedDeployScript}";
|
program = "${pkgs.lib.getExe wrappedDeployScript}";
|
||||||
};
|
};
|
||||||
};
|
|
||||||
|
|
||||||
deployers = {
|
deployers = {
|
||||||
bootstrap-default = {
|
bootstrap-default = {
|
||||||
|
@ -184,5 +179,6 @@
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
apps = pkgs.lib.mergeAttrs (builtins.mapAttrs mkDeployApp deployers) (builtins.mapAttrs mkManifest deployers);
|
apps = builtins.mapAttrs mkDeployApp deployers;
|
||||||
|
packages = builtins.mapAttrs mkManifest deployers;
|
||||||
})
|
})
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{
|
{ myLib, ... }: {
|
||||||
kubernetes.resources = {
|
kubernetes.resources = {
|
||||||
secrets.server.stringData.adminPassword = "ref+sops://secrets/kubernetes.yaml#/freshrss/password";
|
secrets.server.stringData.adminPassword = "ref+sops://secrets/kubernetes.yaml#/freshrss/password";
|
||||||
|
|
||||||
|
@ -57,6 +57,8 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
services.server.spec = {
|
services.server.spec = {
|
||||||
|
type = "LoadBalancer";
|
||||||
|
loadBalancerIP = myLib.globals.freshrssIPv4;
|
||||||
selector.app = "freshrss";
|
selector.app = "freshrss";
|
||||||
|
|
||||||
ports.web = {
|
ports.web = {
|
||||||
|
@ -67,13 +69,9 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
lab = {
|
lab = {
|
||||||
ingresses.web = {
|
tailscaleIngresses.tailscale = {
|
||||||
host = "rss.kun.is";
|
host = "freshrss";
|
||||||
|
service.name = "server";
|
||||||
service = {
|
|
||||||
name = "server";
|
|
||||||
portName = "web";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
longhorn.persistentVolumeClaim.data = {
|
longhorn.persistentVolumeClaim.data = {
|
||||||
|
|
|
@ -52,7 +52,6 @@
|
||||||
service.name = "inbucket";
|
service.name = "inbucket";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
ingresses.inbucket = {
|
ingresses.inbucket = {
|
||||||
host = "inbucket.kun.is";
|
host = "inbucket.kun.is";
|
||||||
entrypoint = "localsecure";
|
entrypoint = "localsecure";
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{
|
{ myLib, ... }: {
|
||||||
kubernetes.resources = {
|
kubernetes.resources = {
|
||||||
secrets = {
|
secrets = {
|
||||||
database.stringData.password = "ref+sops://secrets/kubernetes.yaml#/paperless/databasePassword";
|
database.stringData.password = "ref+sops://secrets/kubernetes.yaml#/paperless/databasePassword";
|
||||||
|
@ -170,6 +170,9 @@
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
web.spec = {
|
web.spec = {
|
||||||
|
type = "LoadBalancer";
|
||||||
|
loadBalancerIP = myLib.globals.paperlessIPv4;
|
||||||
|
|
||||||
selector = {
|
selector = {
|
||||||
app = "paperless";
|
app = "paperless";
|
||||||
component = "web";
|
component = "web";
|
||||||
|
@ -208,13 +211,9 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
lab = {
|
lab = {
|
||||||
ingresses.web = {
|
tailscaleIngresses.tailscale = {
|
||||||
host = "paperless.kun.is";
|
host = "paperless";
|
||||||
|
service.name = "web";
|
||||||
service = {
|
|
||||||
name = "web";
|
|
||||||
portName = "web";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
longhorn.persistentVolumeClaim = {
|
longhorn.persistentVolumeClaim = {
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ lib, ... }: {
|
{ lib, myLib, ... }: {
|
||||||
kubernetes.resources = {
|
kubernetes.resources = {
|
||||||
configMaps.server.data = {
|
configMaps.server.data = {
|
||||||
users = "pim:$apr1$GUiTihkS$dDCkaUxFx/O86m6NCy/yQ.";
|
users = "pim:$apr1$GUiTihkS$dDCkaUxFx/O86m6NCy/yQ.";
|
||||||
|
@ -86,6 +86,8 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
services.server.spec = {
|
services.server.spec = {
|
||||||
|
type = "LoadBalancer";
|
||||||
|
loadBalancerIP = myLib.globals.radicaleIPv4;
|
||||||
selector.app = "radicale";
|
selector.app = "radicale";
|
||||||
|
|
||||||
ports.web = {
|
ports.web = {
|
||||||
|
@ -96,13 +98,9 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
lab = {
|
lab = {
|
||||||
ingresses.web = {
|
tailscaleIngresses.tailscale = {
|
||||||
host = "dav.kun.is";
|
host = "radicale";
|
||||||
|
service.name = "server";
|
||||||
service = {
|
|
||||||
name = "server";
|
|
||||||
portName = "web";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
longhorn.persistentVolumeClaim.data = {
|
longhorn.persistentVolumeClaim.data = {
|
||||||
|
|
|
@ -20,4 +20,7 @@
|
||||||
prowlarrIPv4 = "192.168.30.141";
|
prowlarrIPv4 = "192.168.30.141";
|
||||||
sonarrIPv4 = "192.168.30.142";
|
sonarrIPv4 = "192.168.30.142";
|
||||||
bazarrIPv4 = "192.168.30.143";
|
bazarrIPv4 = "192.168.30.143";
|
||||||
|
paperlessIPv4 = "192.168.30.144";
|
||||||
|
radicaleIPv4 = "192.168.30.145";
|
||||||
|
freshrssIPv4 = "192.168.30.146";
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue