# Pi-hole on Kubernetes: a Secret, a single-container Deployment, a
# LoadBalancer Service, two Longhorn-backed PVCs and a Tailscale ingress.
#
# Arguments:
#   myLib - project library; only `myLib.globals.piholeIPv4` is read here
#           (the address requested for the LoadBalancer Service).
{ myLib, ... }:
let
  # One name shared by the Secret, the pod label, the selectors and the Service.
  appName = "pihole";

  # Key inside the Secret; the Secret definition and the secretKeyRef must agree.
  passwordKey = "webPassword";

  # Claim names, used by the pod volumes and by the Longhorn PVC declarations.
  dataClaim = "pihole-data";
  dnsmasqClaim = "pihole-dnsmasq";
in
{
  kubernetes.resources = {
    secrets.${appName}.stringData.${passwordKey} =
      # A `ref+sops://` reference, not the password itself.
      # NOTE(review): presumably expanded by a vals-style step at deploy time.
      # Confirm the expanded manifest never lands in the Nix store, which is
      # world-readable.
      "ref+sops://secrets/kubernetes.yaml#/pihole/password";

    deployments.${appName}.spec = {
      selector.matchLabels.app = appName;

      # maxSurge = 0 with maxUnavailable = 1: the old pod is taken down before
      # its replacement starts, so two pods never run side by side.
      # NOTE(review): presumably because both pods would want the same volumes;
      # it also means DNS is unavailable for the duration of every rollout.
      strategy = {
        type = "RollingUpdate";
        rollingUpdate = {
          maxSurge = 0;
          maxUnavailable = 1;
        };
      };

      template = {
        metadata.labels.app = appName;

        spec = {
          containers.${appName} = {
            # NOTE(review): `latest` is a mutable tag, so any pod restart can
            # pull a different image than the one that was reviewed. Pin to a
            # release tag or to `pihole/pihole@sha256:<digest>`.
            image = "pihole/pihole:latest";

            env = {
              TZ.value = "Europe/Amsterdam";
              # Upstream resolver handed to Pi-hole.
              PIHOLE_DNS_.value = "192.168.30.1";
              # Admin password comes from the Secret instead of being inlined.
              # NOTE(review): newer Pi-hole images reportedly renamed the
              # WEBPASSWORD / PIHOLE_DNS_ variables; with a floating tag the
              # container could silently ignore them. Verify against the
              # image that is actually deployed.
              WEBPASSWORD.valueFrom.secretKeyRef = {
                name = appName;
                key = passwordKey;
              };
            };

            ports = {
              web.containerPort = 80;
              # NOTE(review): only UDP/53 is declared. Clients retrying a
              # truncated answer over TCP/53 will not reach the pod.
              dns = {
                containerPort = 53;
                protocol = "UDP";
              };
            };

            # NOTE(review): no container-level securityContext (capabilities,
            # allowPrivilegeEscalation, readOnlyRootFilesystem) is set, so the
            # container runs with the runtime defaults.
            volumeMounts = [
              {
                name = "data";
                mountPath = "/etc/pihole";
              }
              {
                name = "dnsmasq";
                mountPath = "/etc/dnsmasq.d";
              }
            ];
          };

          volumes = {
            data.persistentVolumeClaim.claimName = dataClaim;
            dnsmasq.persistentVolumeClaim.claimName = dnsmasqClaim;
          };

          # Volume contents are made group-accessible to GID 1000. Ownership is
          # only rewritten when the volume root does not already match.
          securityContext = {
            fsGroup = 1000;
            fsGroupChangePolicy = "OnRootMismatch";
          };
        };
      };
    };

    services.${appName}.spec = {
      type = "LoadBalancer";
      loadBalancerIP = myLib.globals.piholeIPv4;
      selector.app = appName;

      ports = {
        dns = {
          protocol = "UDP";
          port = 53;
          targetPort = "dns";
        };
        # NOTE(review): the admin UI is published over plain HTTP on the same
        # load-balancer address as DNS, so every DNS client can reach the
        # login page. Consider serving the UI only through the Tailscale
        # ingress declared under `lab`.
        web = {
          port = 80;
          targetPort = "web";
        };
      };
    };
  };

  # `lab.*` options are project-defined; their implementation is not visible here.
  lab = {
    longhorn.persistentVolumeClaim = {
      ${dataClaim} = {
        volumeName = dataClaim;
        storage = "750Mi";
      };
      ${dnsmasqClaim} = {
        volumeName = dnsmasqClaim;
        storage = "16Mi";
      };
    };

    # NOTE(review): presumably exposes the `pihole` Service on the tailnet
    # under the host name `pihole`; which Service port it targets is not
    # visible here, so confirm.
    tailscaleIngresses.tailscale-pihole = {
      host = "pihole";
      service.name = appName;
    };
  };
}