feat: Expose Radicale, Paperless and FreshRSS only on Tailscale

fix: Fix flake output names
Pim Kunis 2024-07-24 21:25:51 +02:00
parent 4e619eb0c4
commit f961fc24ea
7 changed files with 30 additions and 37 deletions


@ -49,12 +49,12 @@ Each applyset is responsible for a set number of resources within a namespace.
If the cluster has not been initialized yet, we must bootstrap it first. If the cluster has not been initialized yet, we must bootstrap it first.
Run these deployments: Run these deployments:
- `nix run '.#bootstrap-default.deploy'` - `nix run '.#bootstrap-default'`
- `nix run '.#bootstrap-kube-system.deploy'` - `nix run '.#bootstrap-kube-system'`
Now the cluster has been initialized and we can deploy applications. Now the cluster has been initialized and we can deploy applications.
To explore which applications we can deploy, run `nix flake show`. To explore which applications we can deploy, run `nix flake show`.
Then, for each application, run `nix run '.#<application>.deploy'`. Then, for each application, run `nix run '.#<application>'`.
## Known bugs ## Known bugs


@ -25,10 +25,7 @@
}; };
}).config.kubernetes; }).config.kubernetes;
mkManifest = name: { module, namespace }: mkManifest = name: { module, namespace }: (mkKubernetes name module namespace).result;
{
manifest = (mkKubernetes name module namespace).result;
};
mkDeployApp = name: { module, namespace }: mkDeployApp = name: { module, namespace }:
let let
@ -55,11 +52,9 @@
}; };
in in
{ {
deploy = {
type = "app"; type = "app";
program = "${pkgs.lib.getExe wrappedDeployScript}"; program = "${pkgs.lib.getExe wrappedDeployScript}";
}; };
};
deployers = { deployers = {
bootstrap-default = { bootstrap-default = {
@ -184,5 +179,6 @@
}; };
in in
{ {
apps = pkgs.lib.mergeAttrs (builtins.mapAttrs mkDeployApp deployers) (builtins.mapAttrs mkManifest deployers); apps = builtins.mapAttrs mkDeployApp deployers;
packages = builtins.mapAttrs mkManifest deployers;
}) })
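Review bot: `apps` and `packages` in the final attrset now carry the same attribute names, and nothing there says which output does what; a one-line comment would help, e.g. `# apps.<name>: deploy to the cluster (nix run); packages.<name>: rendered manifest (nix build)`. `nix run '.#<name>'` resolves `apps` before `packages`, so the README commands still deploy, while `nix build '.#<name>'` yields the manifest. Flake `packages` entries must be derivations, and `mkKubernetes` is only partly visible in this section, so it is worth confirming that `.result` is one.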


@ -1,4 +1,4 @@
{ { myLib, ... }: {
kubernetes.resources = { kubernetes.resources = {
secrets.server.stringData.adminPassword = "ref+sops://secrets/kubernetes.yaml#/freshrss/password"; secrets.server.stringData.adminPassword = "ref+sops://secrets/kubernetes.yaml#/freshrss/password";
@ -57,6 +57,8 @@
}; };
services.server.spec = { services.server.spec = {
type = "LoadBalancer";
loadBalancerIP = myLib.globals.freshrssIPv4;
selector.app = "freshrss"; selector.app = "freshrss";
ports.web = { ports.web = {
@ -67,13 +69,9 @@
}; };
lab = { lab = {
ingresses.web = { tailscaleIngresses.tailscale = {
host = "rss.kun.is"; host = "freshrss";
service.name = "server";
service = {
name = "server";
portName = "web";
};
}; };
longhorn.persistentVolumeClaim.data = { longhorn.persistentVolumeClaim.data = {
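Review bot: The added `type = "LoadBalancer";` and `loadBalancerIP = myLib.globals.freshrssIPv4;` in `services.server.spec` give FreshRSS its own address on the 192.168.30.x network (the value is set in the globals file of this commit), so the service stays reachable outside Tailscale, which contradicts the commit title "only on Tailscale". The same two lines are added to the Paperless `web.spec` and the Radicale `server.spec`. With `ingresses.web` removed, nothing visible here puts TLS or an ingress entrypoint in front of that LAN path. If `tailscaleIngresses` only needs a Service to point at (its module is not shown), leave the Service at the default ClusterIP type and drop both lines; if LAN access is intended, say so with a comment such as `# NOTE: also reachable on the LAN through this fixed LoadBalancer IP, not only via Tailscale`. `spec.loadBalancerIP` has also been deprecated since Kubernetes 1.24 in favour of implementation-specific annotations.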


@ -52,7 +52,6 @@
service.name = "inbucket"; service.name = "inbucket";
}; };
ingresses.inbucket = { ingresses.inbucket = {
host = "inbucket.kun.is"; host = "inbucket.kun.is";
entrypoint = "localsecure"; entrypoint = "localsecure";


@ -1,4 +1,4 @@
{ { myLib, ... }: {
kubernetes.resources = { kubernetes.resources = {
secrets = { secrets = {
database.stringData.password = "ref+sops://secrets/kubernetes.yaml#/paperless/databasePassword"; database.stringData.password = "ref+sops://secrets/kubernetes.yaml#/paperless/databasePassword";
@ -170,6 +170,9 @@
services = { services = {
web.spec = { web.spec = {
type = "LoadBalancer";
loadBalancerIP = myLib.globals.paperlessIPv4;
selector = { selector = {
app = "paperless"; app = "paperless";
component = "web"; component = "web";
@ -208,13 +211,9 @@
}; };
lab = { lab = {
ingresses.web = { tailscaleIngresses.tailscale = {
host = "paperless.kun.is"; host = "paperless";
service.name = "web";
service = {
name = "web";
portName = "web";
};
}; };
longhorn.persistentVolumeClaim = { longhorn.persistentVolumeClaim = {


@ -1,4 +1,4 @@
{ lib, ... }: { { lib, myLib, ... }: {
kubernetes.resources = { kubernetes.resources = {
configMaps.server.data = { configMaps.server.data = {
users = "pim:$apr1$GUiTihkS$dDCkaUxFx/O86m6NCy/yQ."; users = "pim:$apr1$GUiTihkS$dDCkaUxFx/O86m6NCy/yQ.";
@ -86,6 +86,8 @@
}; };
services.server.spec = { services.server.spec = {
type = "LoadBalancer";
loadBalancerIP = myLib.globals.radicaleIPv4;
selector.app = "radicale"; selector.app = "radicale";
ports.web = { ports.web = {
@ -96,13 +98,9 @@
}; };
lab = { lab = {
ingresses.web = { tailscaleIngresses.tailscale = {
host = "dav.kun.is"; host = "radicale";
service.name = "server";
service = {
name = "server";
portName = "web";
};
}; };
longhorn.persistentVolumeClaim.data = { longhorn.persistentVolumeClaim.data = {
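Review bot: With the exposure changed to `tailscaleIngresses.tailscale` plus a LoadBalancer address in `services.server.spec`, Radicale's login appears to rest on the `configMaps.server.data.users` entry at the top of this file. That entry looks like an htpasswd line with an `$apr1$` (MD5-based) hash, committed in clear and stored in a ConfigMap, whereas FreshRSS and Paperless in this same commit take their credentials from `ref+sops://` references under `secrets`. The commit does not touch that line, but the entry should move to a sops-backed `secrets` resource and be regenerated with a stronger scheme (Radicale supports `htpasswd_encryption = bcrypt`). The password should be rotated as well, since the current hash remains in the repository history.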


@ -20,4 +20,7 @@
prowlarrIPv4 = "192.168.30.141"; prowlarrIPv4 = "192.168.30.141";
sonarrIPv4 = "192.168.30.142"; sonarrIPv4 = "192.168.30.142";
bazarrIPv4 = "192.168.30.143"; bazarrIPv4 = "192.168.30.143";
paperlessIPv4 = "192.168.30.144";
radicaleIPv4 = "192.168.30.145";
freshrssIPv4 = "192.168.30.146";
} }