# Per-system flake output: overrides kubenix's default package with a module
# describing the "home" project (a CyberChef deployment plus MetalLB).
{ self, flake-utils, kubenix, nixhelm, ... }:
flake-utils.lib.eachDefaultSystem (system: {
  kubenix = kubenix.packages.${system}.default.override {
    # Makes this flake available to modules as the `flake` special argument.
    specialArgs.flake = self;

    module = { kubenix, ... }:
      let
        # One label set ties the Deployment selector, the pod template and the
        # Service selector together; they must stay identical.
        cyberchefLabels = { app = "cyberchef"; };

        # Port the container listens on, and the port the Service exposes.
        containerHttpPort = 8000;
        serviceHttpPort = 80;

        # API group/version shared by both MetalLB custom types below.
        metallbApi = {
          group = "metallb.io";
          version = "v1beta1";
        };
      in
      {
        imports = [
          kubenix.modules.k8s
          kubenix.modules.helm
          # ./freshrss.nix
        ];

        kubenix.project = "home";

        kubernetes = {
          kubeconfig = "~/.kube/config";
          # namespace = "kubenix";

          customTypes = {
            # HACK: placeholder custom types. The CRDs arrive through the Helm
            # chart and are therefore not available as Nix modules, so resources
            # declared with these types get NO Nix-side validation: a misspelled
            # field in an IPAddressPool or L2Advertisement is not caught at
            # evaluation time.
            # See: https://github.com/hall/kubenix/issues/34
            ipAddressPool = metallbApi // {
              attrName = "ipAddressPools";
              kind = "IPAddressPool";
            };

            l2Advertisement = metallbApi // {
              attrName = "l2Advertisements";
              kind = "L2Advertisement";
            };
          };

          resources = {
            # NOTE(review): if this block is re-enabled, the three labels set the
            # Pod Security Admission level of metallb-system to "privileged",
            # i.e. no pod restrictions in that namespace. Keep it limited to
            # that one namespace.
            # namespaces = {
            #   kubenix = { };
            #
            #   metallb-system.metadata.labels = {
            #     "pod-security.kubernetes.io/enforce" = "privileged";
            #     "pod-security.kubernetes.io/audit" = "privileged";
            #     "pod-security.kubernetes.io/warn" = "privileged";
            #   };
            # };

            deployments.cyberchef = {
              spec = {
                replicas = 3;
                selector.matchLabels = cyberchefLabels;

                template = {
                  metadata.labels = cyberchefLabels;

                  spec.containers.cyberchef = {
                    # NOTE(review): no tag or digest, so this resolves to
                    # `latest` and the three replicas can end up on different
                    # builds after a reschedule. Pinning to
                    # "mpepping/cyberchef@sha256:<digest>" makes the deployed
                    # image reproducible and reviewable.
                    image = "mpepping/cyberchef";

                    # NOTE(review): no securityContext or resources are set
                    # here, so cluster/runtime defaults apply. Consider
                    # allowPrivilegeEscalation = false, dropped capabilities and
                    # requests/limits once confirmed against the image.
                    ports = [
                      {
                        containerPort = containerHttpPort;
                        protocol = "TCP";
                      }
                    ];
                  };
                };
              };
            };

            # ClusterIP-style mapping: Service port 80 -> container port 8000.
            services.cyberchef = {
              spec = {
                selector = cyberchefLabels;

                ports = [
                  {
                    protocol = "TCP";
                    port = serviceHttpPort;
                    targetPort = containerHttpPort;
                  }
                ];
              };
            };

            # NOTE(review): this Ingress has no `tls` section. Whether the host
            # is served over HTTPS depends on Traefik configuration that is not
            # visible here; over plain HTTP the served JavaScript can be
            # altered in transit. Confirm.
            ingresses.cyberchef = {
              spec = {
                ingressClassName = "traefik";

                rules = [
                  {
                    host = "cyberchef.kun.is";

                    http.paths = [
                      {
                        path = "/";
                        pathType = "Prefix";

                        backend.service = {
                          name = "cyberchef";
                          port.number = serviceHttpPort;
                        };
                      }
                    ];
                  }
                ];
              };
            };

            # Address range MetalLB may hand out to LoadBalancer Services.
            ipAddressPools.main = {
              # metadata.namespace = "metallb-system";
              spec.addresses = [ "192.168.40.100-192.168.40.254" ];
            };

            # NOTE(review): no spec is given, so no pool selector is set;
            # presumably this advertises every IPAddressPool. Confirm that is
            # intended if more pools are added.
            # l2Advertisements.main.metadata.namespace = "metallb-system";
            l2Advertisements.main.metadata = { };
          };

          # MetalLB itself comes from the nixhelm chart, CRDs included.
          helm.releases.metallb = {
            chart = nixhelm.chartsDerivations.${system}.metallb.metallb;
            # namespace = "metallb-system";
            includeCRDs = true;
          };
        };
      };
  };
})