# Pi-hole on Kubernetes, declared as Nix attribute sets that the surrounding
# module turns into Kubernetes resources (ConfigMap, Secret, Deployment,
# NFS-backed PersistentVolumes/Claims, two Services and a Traefik Ingress).
#
# Security notes from review (none of these are changed here):
#   - `pihole/pihole:latest` is a mutable tag: every rollout may pull a
#     different image. Pin a version tag or an image digest for reproducible,
#     auditable deploys.
#   - No `resources` limits and no `securityContext` are set on the container.
#     Pi-hole binds ports 53/80 inside the container, so confirm what the image
#     supports before adding a non-root / dropped-capabilities context.
#   - Only UDP/53 is published on the LoadBalancer Service. Resolvers fall back
#     to TCP/53 for truncated answers (RFC 7766); exposing TCP/53 here may need
#     mixed-protocol LoadBalancer support from the cluster, so it is left as is.
#   - The admin password comes from a `ref+file://` vals reference with an
#     absolute path under one user's home, so the build only resolves on that
#     workstation; it is never stored in this file.
{ myLib, ... }:
let
  # Pod selector / label shared by the Deployment and both Services.
  appLabel = { app = "pihole"; };

  nfsHost = "lewis.dmz";

  # Nominal size only: Kubernetes does not enforce capacity on NFS volumes,
  # the value just has to match between PV and PVC for static binding.
  nominalSize = "1Mi";

  # Static NFS PersistentVolume spec for one Pi-hole sub-directory on nfsHost.
  mkNfsVolume = subdir: {
    capacity.storage = nominalSize;
    accessModes = [ "ReadWriteMany" ];
    nfs = {
      server = nfsHost;
      path = "/mnt/data/nfs/pihole/${subdir}";
    };
  };

  # Claim bound statically to the PV named `volumeName`; the empty
  # storageClassName prevents a dynamic provisioner from picking it up.
  mkStaticClaim = volumeName: {
    accessModes = [ "ReadWriteMany" ];
    storageClassName = "";
    resources.requests.storage = nominalSize;
    inherit volumeName;
  };

  # Container mount and matching pod volume for a named PVC.
  mkMount = name: mountPath: { inherit name mountPath; };
  mkPvcVolume = name: claimName: {
    inherit name;
    persistentVolumeClaim = { inherit claimName; };
  };
in
{
  kubernetes = {
    resources = {
      # Non-secret environment for the container (injected via envFrom below).
      # PIHOLE_DNS_ presumably selects the upstream resolver — verify against
      # the image's documentation.
      configMaps.pihole.data = {
        TZ = "Europe/Amsterdam";
        PIHOLE_DNS_ = "192.168.30.1";
      };

      # Web UI password, resolved at deploy time from the vals store.
      secrets.pihole.stringData.webPassword =
        "ref+file:///home/pim/.config/home/vals.yaml#/pihole/password";

      deployments.pihole = {
        metadata.labels = appLabel;
        spec = {
          selector.matchLabels = appLabel;
          template = {
            metadata.labels = appLabel;
            spec = {
              containers.pihole = {
                # NOTE(review): mutable tag, see header comment.
                image = "pihole/pihole:latest";
                envFrom = [ { configMapRef.name = "pihole"; } ];
                ports = [
                  { containerPort = 80; protocol = "TCP"; }
                  { containerPort = 53; protocol = "UDP"; }
                ];
                env = [
                  {
                    # TODO: simplify this by using env.WEBPASSWORD?
                    name = "WEBPASSWORD";
                    valueFrom.secretKeyRef = {
                      name = "pihole";
                      key = "webPassword";
                    };
                  }
                ];
                volumeMounts = [
                  (mkMount "data" "/etc/pihole")
                  (mkMount "dnsmasq" "/etc/dnsmasq.d")
                ];
              };
              volumes = [
                (mkPvcVolume "data" "pihole-data")
                (mkPvcVolume "dnsmasq" "pihole-dnsmasq")
              ];
            };
          };
        };
      };

      persistentVolumes = {
        pihole-data.spec = mkNfsVolume "data";
        pihole-dnsmasq.spec = mkNfsVolume "dnsmasq";
      };

      persistentVolumeClaims = {
        pihole-data.spec = mkStaticClaim "pihole-data";
        pihole-dnsmasq.spec = mkStaticClaim "pihole-dnsmasq";
      };

      services = {
        # No `type` given, so this defaults to ClusterIP: the web UI is only
        # reachable through the Ingress below.
        pihole-web.spec = {
          selector = appLabel;
          ports = [ { protocol = "TCP"; port = 80; targetPort = 80; } ];
        };

        # DNS endpoint on a fixed LAN address. UDP only — see header comment
        # about TCP fallback.
        pihole-dns.spec = {
          type = "LoadBalancer";
          loadBalancerIP = myLib.globals.piholeIPv4;
          selector = appLabel;
          ports = [ { protocol = "UDP"; port = 53; targetPort = 53; } ];
        };
      };

      # TLS-terminated admin UI. The entrypoint name `localsecure` suggests a
      # LAN-only listener — confirm it is not bound to a public interface,
      # as Pi-hole's admin UI is protected by a single password.
      ingresses.pihole-web = {
        metadata.annotations = {
          "cert-manager.io/cluster-issuer" = "letsencrypt";
          "traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure";
        };
        spec = {
          ingressClassName = "traefik";
          rules = [
            {
              host = "pihole.kun.is";
              http.paths = [
                {
                  path = "/";
                  pathType = "Prefix";
                  backend.service = {
                    name = "pihole-web";
                    port.number = 80;
                  };
                }
              ];
            }
          ];
          tls = [
            {
              secretName = "pihole-tls";
              hosts = [ "pihole.kun.is" ];
            }
          ];
        };
      };
    };
  };
}