home/nixos-servers
home/nixos-servers
2
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions

feat: Expose Radicale, Paperless and FreshRSS only on Tailscale

Browse source 
fix: Fix flake output names
This commit is contained in:
Pim Kunis 2024-07-24 21:25:51 +02:00
parent 4e619eb0c4
commit f961fc24ea
7 changed files with 30 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
README.md
View file

@ -49,12 +49,12 @@ Each applyset is responsible for a set number of resources within a namespace.
If the cluster has not been initialized yet, we must bootstrap it first.
Run these deployments:
- `nix run '.#bootstrap-default.deploy'`
- `nix run '.#bootstrap-kube-system.deploy'`
- `nix run '.#bootstrap-default'`
- `nix run '.#bootstrap-kube-system'`
Now the cluster has been initialized and we can deploy applications.
To explore which applications we can deploy, run `nix flake show`.
Then, for each application, run `nix run '.#<application>.deploy'`.
Then, for each application, run `nix run '.#<application>'`.
## Known bugs

14
flake-parts/kubenix.nix
View file

@ -25,10 +25,7 @@
};
}).config.kubernetes;
mkManifest = name: { module, namespace }:
{
manifest = (mkKubernetes name module namespace).result;
};
mkManifest = name: { module, namespace }: (mkKubernetes name module namespace).result;
mkDeployApp = name: { module, namespace }:
let
@ -55,10 +52,8 @@
};
in
{
deploy = {
type = "app";
program = "${pkgs.lib.getExe wrappedDeployScript}";
};
type = "app";
program = "${pkgs.lib.getExe wrappedDeployScript}";
};
deployers = {
@ -184,5 +179,6 @@
};
in
{
apps = pkgs.lib.mergeAttrs (builtins.mapAttrs mkDeployApp deployers) (builtins.mapAttrs mkManifest deployers);
apps = builtins.mapAttrs mkDeployApp deployers;
packages = builtins.mapAttrs mkManifest deployers;
})

14
kubenix-modules/freshrss.nix
View file

@ -1,4 +1,4 @@
{
{ myLib, ... }: {
kubernetes.resources = {
secrets.server.stringData.adminPassword = "ref+sops://secrets/kubernetes.yaml#/freshrss/password";
@ -57,6 +57,8 @@
};
services.server.spec = {
type = "LoadBalancer";
loadBalancerIP = myLib.globals.freshrssIPv4;
selector.app = "freshrss";
ports.web = {
@ -67,13 +69,9 @@
};
lab = {
ingresses.web = {
host = "rss.kun.is";
service = {
name = "server";
portName = "web";
};
tailscaleIngresses.tailscale = {
host = "freshrss";
service.name = "server";
};
longhorn.persistentVolumeClaim.data = {

1
kubenix-modules/inbucket.nix
View file

@ -52,7 +52,6 @@
service.name = "inbucket";
};
ingresses.inbucket = {
host = "inbucket.kun.is";
entrypoint = "localsecure";

15
kubenix-modules/paperless.nix
View file

@ -1,4 +1,4 @@
{
{ myLib, ... }: {
kubernetes.resources = {
secrets = {
database.stringData.password = "ref+sops://secrets/kubernetes.yaml#/paperless/databasePassword";
@ -170,6 +170,9 @@
services = {
web.spec = {
type = "LoadBalancer";
loadBalancerIP = myLib.globals.paperlessIPv4;
selector = {
app = "paperless";
component = "web";
@ -208,13 +211,9 @@
};
lab = {
ingresses.web = {
host = "paperless.kun.is";
service = {
name = "web";
portName = "web";
};
tailscaleIngresses.tailscale = {
host = "paperless";
service.name = "web";
};
longhorn.persistentVolumeClaim = {

14
kubenix-modules/radicale.nix
View file

@ -1,4 +1,4 @@
{ lib, ... }: {
{ lib, myLib, ... }: {
kubernetes.resources = {
configMaps.server.data = {
users = "pim:$apr1$GUiTihkS$dDCkaUxFx/O86m6NCy/yQ.";
@ -86,6 +86,8 @@
};
services.server.spec = {
type = "LoadBalancer";
loadBalancerIP = myLib.globals.radicaleIPv4;
selector.app = "radicale";
ports.web = {
@ -96,13 +98,9 @@
};
lab = {
ingresses.web = {
host = "dav.kun.is";
service = {
name = "server";
portName = "web";
};
tailscaleIngresses.tailscale = {
host = "radicale";
service.name = "server";
};
longhorn.persistentVolumeClaim.data = {

3
my-lib/globals.nix
View file

@ -20,4 +20,7 @@
prowlarrIPv4 = "192.168.30.141";
sonarrIPv4 = "192.168.30.142";
bazarrIPv4 = "192.168.30.143";
paperlessIPv4 = "192.168.30.144";
radicaleIPv4 = "192.168.30.145";
freshrssIPv4 = "192.168.30.146";
}