# Pi-hole deployment: one Secret, one Deployment, two Services (web UI and DNS),
# plus the lab-specific ingress and Longhorn volume claims.
{ myLib, ... }:
let
  # Label shared by the Deployment selector, the pod template and both Services.
  podLabels = { app = "pihole"; };
in
{
  kubernetes.resources = {
    # The value is a secret *reference* (ref+sops:// form), not the password itself.
    # NOTE(review): presumably resolved from the SOPS-encrypted file when manifests
    # are rendered/applied - confirm. If the reference is ever applied unresolved,
    # this literal string becomes the password; once resolved, the rendered
    # manifest holds the plaintext and should not be stored or logged.
    secrets.pihole.stringData = {
      webPassword = "ref+sops://secrets/kubernetes.yaml#/pihole/password";
    };

    deployments.pihole.spec = {
      selector.matchLabels = podLabels;
      template = {
        metadata.labels = podLabels;
        spec = {
          containers.pihole = {
            # NOTE(review): ":latest" is a mutable tag, so the running code can
            # change on any re-pull. Pin a release tag or an image digest so
            # upgrades are deliberate and reviewable.
            image = "pihole/pihole:latest";
            env = {
              TZ.value = "Europe/Amsterdam";
              # Upstream resolver handed to Pi-hole.
              PIHOLE_DNS_.value = "192.168.30.1";
              # Admin password comes from the Secret above, never inline.
              # NOTE(review): WEBPASSWORD and PIHOLE_DNS_ are the Pi-hole v5
              # variable names; v6 images read FTLCONF_* settings instead. With an
              # unpinned tag, verify the running release still honours these -
              # otherwise the admin password is not the one stored in the Secret.
              WEBPASSWORD.valueFrom.secretKeyRef = {
                name = "pihole";
                key = "webPassword";
              };
            };
            ports = {
              web.containerPort = 80;
              # Only UDP/53 is declared; DNS over TCP is not exposed by this spec.
              dns = {
                containerPort = 53;
                protocol = "UDP";
              };
            };
            volumeMounts = [
              {
                name = "data";
                mountPath = "/etc/pihole";
              }
              {
                name = "dnsmasq";
                mountPath = "/etc/dnsmasq.d";
              }
            ];
            # NOTE(review): no container-level securityContext, resource limits or
            # probes are set here, so the container runs with the image and
            # runtime defaults (user, capabilities, privilege escalation).
          };
          volumes = {
            data.persistentVolumeClaim.claimName = "data";
            dnsmasq.persistentVolumeClaim.claimName = "dnsmasq";
          };
          # Pod-level context only adjusts volume group ownership; the ownership
          # change is skipped when the volume root already matches.
          securityContext = {
            fsGroup = 1000;
            fsGroupChangePolicy = "OnRootMismatch";
          };
        };
      };
    };

    services = {
      # Web UI: no service type is set, so it is reached through the ingress below.
      web.spec = {
        selector = podLabels;
        ports.web = {
          port = 80;
          targetPort = "web";
        };
      };
      # DNS: published on a fixed load-balancer address taken from the shared globals.
      # NOTE(review): anything that can route to that address can query the
      # resolver; confirm it is reachable from the intended networks only.
      dns.spec = {
        type = "LoadBalancer";
        loadBalancerIP = myLib.globals.piholeIPv4;
        selector = podLabels;
        ports.dns = {
          protocol = "UDP";
          port = 53;
          targetPort = "dns";
        };
      };
    };
  };

  lab = {
    # Admin UI ingress.
    # NOTE(review): "localsecure" is a project-defined entrypoint; presumably
    # TLS and local-network only - confirm, since this fronts the admin login.
    ingresses.pihole = {
      host = "pihole.kun.is";
      entrypoint = "localsecure";
      service = {
        name = "web";
        portName = "web";
      };
    };

    # Longhorn-backed claims matching the two volumes mounted by the pod.
    longhorn.persistentVolumeClaim = {
      data = {
        volumeName = "pihole-data";
        storage = "750Mi";
      };
      dnsmasq = {
        volumeName = "pihole-dnsmasq";
        storage = "16Mi";
      };
    };
  };
}