feat(homelab): start implementing route generation

2025-12-28 01:58:34 -08:00
parent d1b81ce0db
commit 0993820675
16 changed files with 879 additions and 49 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+nix/homelab/target
--- a/nix/homelab/Cargo.lock
+++ b/nix/homelab/Cargo.lock
@@ -0,0 +1,322 @@
+# This file is automatically @generated by Cargo.
+# It is not intended for manual editing.
+version = 4
+
+[[package]]
+name = "anstream"
+version = "0.6.21"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "43d5b281e737544384e969a5ccad3f1cdd24b48086a0fc1b2a5262a26b8f4f4a"
+dependencies = [
+ "anstyle",
+ "anstyle-parse",
+ "anstyle-query",
+ "anstyle-wincon",
+ "colorchoice",
+ "is_terminal_polyfill",
+ "utf8parse",
+]
+
+[[package]]
+name = "anstyle"
+version = "1.0.13"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5192cca8006f1fd4f7237516f40fa183bb07f8fbdfedaa0036de5ea9b0b45e78"
+
+[[package]]
+name = "anstyle-parse"
+version = "0.2.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4e7644824f0aa2c7b9384579234ef10eb7efb6a0deb83f9630a49594dd9c15c2"
+dependencies = [
+ "utf8parse",
+]
+
+[[package]]
+name = "anstyle-query"
+version = "1.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "40c48f72fd53cd289104fc64099abca73db4166ad86ea0b4341abe65af83dadc"
+dependencies = [
+ "windows-sys",
+]
+
+[[package]]
+name = "anstyle-wincon"
+version = "3.0.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "291e6a250ff86cd4a820112fb8898808a366d8f9f58ce16d1f538353ad55747d"
+dependencies = [
+ "anstyle",
+ "once_cell_polyfill",
+ "windows-sys",
+]
+
+[[package]]
+name = "anyhow"
+version = "1.0.100"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a23eb6b1614318a8071c9b2521f36b424b2c83db5eb3a0fead4a6c0809af6e61"
+
+[[package]]
+name = "clap"
+version = "4.5.53"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c9e340e012a1bf4935f5282ed1436d1489548e8f72308207ea5df0e23d2d03f8"
+dependencies = [
+ "clap_builder",
+ "clap_derive",
+]
+
+[[package]]
+name = "clap_builder"
+version = "4.5.53"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d76b5d13eaa18c901fd2f7fca939fefe3a0727a953561fefdf3b2922b8569d00"
+dependencies = [
+ "anstream",
+ "anstyle",
+ "clap_lex",
+ "strsim",
+]
+
+[[package]]
+name = "clap_derive"
+version = "4.5.49"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2a0b5487afeab2deb2ff4e03a807ad1a03ac532ff5a2cee5d86884440c7f7671"
+dependencies = [
+ "heck",
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "clap_lex"
+version = "0.7.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a1d728cc89cf3aee9ff92b05e62b19ee65a02b5702cff7d5a377e32c6ae29d8d"
+
+[[package]]
+name = "colorchoice"
+version = "1.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b05b61dc5112cbb17e4b6cd61790d9845d13888356391624cbe7e41efeac1e75"
+
+[[package]]
+name = "equivalent"
+version = "1.0.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "877a4ace8713b0bcf2a4e7eec82529c029f1d0619886d18145fea96c3ffe5c0f"
+
+[[package]]
+name = "hashbrown"
+version = "0.16.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "841d1cc9bed7f9236f321df977030373f4a4163ae1a7dbfe1a51a2c1a51d9100"
+
+[[package]]
+name = "heck"
+version = "0.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea"
+
+[[package]]
+name = "homelab"
+version = "0.1.0"
+dependencies = [
+ "anyhow",
+ "clap",
+ "serde",
+ "thiserror",
+ "toml",
+]
+
+[[package]]
+name = "indexmap"
+version = "2.12.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0ad4bb2b565bca0645f4d68c5c9af97fba094e9791da685bf83cb5f3ce74acf2"
+dependencies = [
+ "equivalent",
+ "hashbrown",
+]
+
+[[package]]
+name = "is_terminal_polyfill"
+version = "1.70.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a6cb138bb79a146c1bd460005623e142ef0181e3d0219cb493e02f7d08a35695"
+
+[[package]]
+name = "once_cell_polyfill"
+version = "1.70.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "384b8ab6d37215f3c5301a95a4accb5d64aa607f1fcb26a11b5303878451b4fe"
+
+[[package]]
+name = "proc-macro2"
+version = "1.0.103"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5ee95bc4ef87b8d5ba32e8b7714ccc834865276eab0aed5c9958d00ec45f49e8"
+dependencies = [
+ "unicode-ident",
+]
+
+[[package]]
+name = "quote"
+version = "1.0.42"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a338cc41d27e6cc6dce6cefc13a0729dfbb81c262b1f519331575dd80ef3067f"
+dependencies = [
+ "proc-macro2",
+]
+
+[[package]]
+name = "serde"
+version = "1.0.228"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e"
+dependencies = [
+ "serde_core",
+ "serde_derive",
+]
+
+[[package]]
+name = "serde_core"
+version = "1.0.228"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad"
+dependencies = [
+ "serde_derive",
+]
+
+[[package]]
+name = "serde_derive"
+version = "1.0.228"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "serde_spanned"
+version = "1.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f8bbf91e5a4d6315eee45e704372590b30e260ee83af6639d64557f51b067776"
+dependencies = [
+ "serde_core",
+]
+
+[[package]]
+name = "strsim"
+version = "0.11.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f"
+
+[[package]]
+name = "syn"
+version = "2.0.111"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "390cc9a294ab71bdb1aa2e99d13be9c753cd2d7bd6560c77118597410c4d2e87"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "unicode-ident",
+]
+
+[[package]]
+name = "thiserror"
+version = "2.0.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f63587ca0f12b72a0600bcba1d40081f830876000bb46dd2337a3051618f4fc8"
+dependencies = [
+ "thiserror-impl",
+]
+
+[[package]]
+name = "thiserror-impl"
+version = "2.0.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3ff15c8ecd7de3849db632e14d18d2571fa09dfc5ed93479bc4485c7a517c913"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "toml"
+version = "0.9.10+spec-1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0825052159284a1a8b4d6c0c86cbc801f2da5afd2b225fa548c72f2e74002f48"
+dependencies = [
+ "indexmap",
+ "serde_core",
+ "serde_spanned",
+ "toml_datetime",
+ "toml_parser",
+ "toml_writer",
+ "winnow",
+]
+
+[[package]]
+name = "toml_datetime"
+version = "0.7.5+spec-1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "92e1cfed4a3038bc5a127e35a2d360f145e1f4b971b551a2ba5fd7aedf7e1347"
+dependencies = [
+ "serde_core",
+]
+
+[[package]]
+name = "toml_parser"
+version = "1.0.6+spec-1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a3198b4b0a8e11f09dd03e133c0280504d0801269e9afa46362ffde1cbeebf44"
+dependencies = [
+ "winnow",
+]
+
+[[package]]
+name = "toml_writer"
+version = "1.0.6+spec-1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ab16f14aed21ee8bfd8ec22513f7287cd4a91aa92e44edfe2c17ddd004e92607"
+
+[[package]]
+name = "unicode-ident"
+version = "1.0.22"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9312f7c4f6ff9069b165498234ce8be658059c6728633667c526e27dc2cf1df5"
+
+[[package]]
+name = "utf8parse"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821"
+
+[[package]]
+name = "windows-link"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5"
+
+[[package]]
+name = "windows-sys"
+version = "0.61.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ae137229bcbd6cdf0f7b80a31df61766145077ddf49416a728b02cb3921ff3fc"
+dependencies = [
+ "windows-link",
+]
+
+[[package]]
+name = "winnow"
+version = "0.7.14"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5a5364e9d77fcdeeaa6062ced926ee3381faa2ee02d3eb83a5c27a8825540829"
--- a/nix/homelab/Cargo.toml
+++ b/nix/homelab/Cargo.toml
@@ -0,0 +1,11 @@
+[package]
+name = "homelab"
+version = "0.1.0"
+edition = "2024"
+
+[dependencies]
+anyhow = "1.0.100"
+clap = { version = "4.5.53", features = ["derive"] }
+serde = { version = "1.0.228", features = ["serde_derive"] }
+thiserror = "2.0.17"
+toml = "0.9.10"
--- a/nix/homelab/config.toml
+++ b/nix/homelab/config.toml
@@ -0,0 +1,33 @@
+routes = [
+  {
+    name = "gitea",
+    hostname = "git",
+    namespace = "git",
+    service = "gitea-http",
+    port = 3000,
+    private = false
+  },
+  {
+    name = "sonarr",
+    hostname = "sonarr",
+    namespace = "media",
+    port = 8787,
+    private = true
+  },
+  {
+    name = "longhorn",
+    hostname = "storage",
+    namespace = "longhorn-system",
+    service = "longhorn-frontend",
+    port = 80,
+    private = true
+  },
+  {
+    name = "pihole",
+    hostname = "pihole",
+    namespace = "pihole-system",
+    service = "pihole-web",
+    port = 80,
+    private = true
+  }
+]
--- a/nix/homelab/flake.nix
+++ b/nix/homelab/flake.nix
@@ -20,6 +20,16 @@
          architecture = "x86_64-linux";
        }
      ];
+      systems = [ "x86_64-linux" ];
+      forAllSystems =
+        f:
+        nixpkgs.lib.genAttrs systems (
+          system:
+          f {
+            inherit system;
+            pkgs = nixpkgs.legacyPackages.${system};
+          }
+        );
    in
    {
      nixosConfigurations = builtins.listToAttrs (
@@ -49,5 +59,16 @@
          };
        }) nodes
      );
+      devShells = forAllSystems (
+        { system, pkgs }:
+        {
+          default = pkgs.mkShell {
+            buildInputs = with pkgs; [
+              openssl
+              pkgconf
+            ];
+          };
+        }
+      );
    };
 }
--- a/nix/homelab/kustomize/kustomization.yaml
+++ b/nix/homelab/kustomize/kustomization.yaml
@@ -15,3 +15,5 @@ resources:
  - ./routes/consul-media.yaml
  - ./routes/consul-vaultwarden.yaml
  - ./routes/pihole.yaml
+  - ./routes/media/sonarr.yaml
+  - ./media/sonarr.yaml
--- a/nix/homelab/kustomize/media/sonarr.yaml
+++ b/nix/homelab/kustomize/media/sonarr.yaml
@@ -0,0 +1,95 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: media
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: sonarr-config
+  namespace: media
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: sonarr
+  namespace: media
+  labels:
+    app: sonarr
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: sonarr
+  template:
+    metadata:
+      labels:
+        app: sonarr
+    spec:
+      containers:
+        - name: sonarr
+          image: lscr.io/linuxserver/sonarr
+          ports:
+            - containerPort: 8989
+              name: http
+          env:
+            - name: PUID
+              value: "1000"
+            - name: PGID
+              value: "1000"
+            - name: TZ
+              value: "America/Vancouver"
+          volumeMounts:
+            - name: config
+              mountPath: /config
+            - name: data
+              mountPath: /mnt/data
+          resources:
+            requests:
+              cpu: 100m
+              memory: 256Mi
+            limits:
+              cpu: 1
+              memory: 1Gi
+          livenessProbe:
+            httpGet:
+              path: /ping
+              port: 8989
+            initialDelaySeconds: 30
+            periodSeconds: 30
+          readinessProbe:
+            httpGet:
+              path: /ping
+              port: 8989
+            initialDelaySeconds: 10
+            periodSeconds: 10
+      volumes:
+        - name: config
+          persistentVolumeClaim:
+            claimName: sonarr-config
+        - name: data
+          nfs:
+            server: 192.168.27.2
+            path: /data
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: sonarr
+  namespace: media
+  labels:
+    app: sonarr
+spec:
+  selector:
+    app: sonarr
+  ports:
+    - port: 8989
+      targetPort: 8989
+      protocol: TCP
+      name: http
--- a/nix/homelab/kustomize/routes.yaml
+++ b/nix/homelab/kustomize/routes.yaml
@@ -0,0 +1,81 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: gitea
+  namespace: git
+spec:
+  parentRefs:
+    - name: traefik-gateway
+      namespace: kube-system
+  hostnames:
+    - git.lucalise.ca
+  rules:
+    - backendRefs:
+        - name: gitea-http
+          port: 3000
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: sonarr
+  namespace: media
+spec:
+  parentRefs:
+    - name: traefik-gateway
+      namespace: kube-system
+  hostnames:
+    - sonarr.lucalise.ca
+  rules:
+    - backendRefs:
+        - name: sonarr
+          port: 8787
+      filters:
+        - type: ExtensionRef
+          extensionRef:
+            group: traefik.io
+            kind: Middleware
+            name: private-networks
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: longhorn
+  namespace: longhorn-system
+spec:
+  parentRefs:
+    - name: traefik-gateway
+      namespace: kube-system
+  hostnames:
+    - storage.lucalise.ca
+  rules:
+    - backendRefs:
+        - name: longhorn-frontend
+          port: 80
+      filters:
+        - type: ExtensionRef
+          extensionRef:
+            group: traefik.io
+            kind: Middleware
+            name: private-networks
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: pihole
+  namespace: pihole-system
+spec:
+  parentRefs:
+    - name: traefik-gateway
+      namespace: kube-system
+  hostnames:
+    - pihole.lucalise.ca
+  rules:
+    - backendRefs:
+        - name: pihole-web
+          port: 80
+      filters:
+        - type: ExtensionRef
+          extensionRef:
+            group: traefik.io
+            kind: Middleware
+            name: private-networks
--- a/nix/homelab/kustomize/routes/consul-media.yaml
+++ b/nix/homelab/kustomize/routes/consul-media.yaml
@@ -117,45 +117,6 @@ spec:
 ---
 apiVersion: v1
 kind: Service
-metadata:
-  name: sonarr
-  namespace: media
-spec:
-  ports:
-    - port: 8989
-      targetPort: 8989
-      protocol: TCP
---
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: sonarr
-  namespace: media
-subsets:
-  - addresses:
-      - ip: 192.168.20.16
-    ports:
-      - port: 8989
-        protocol: TCP
---
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
-  name: sonarr
-  namespace: media
-spec:
-  parentRefs:
-    - name: traefik-gateway
-      namespace: kube-system
-  hostnames:
-    - "sonarr.lucalise.ca"
-  rules:
-    - backendRefs:
-        - name: sonarr
-          port: 8989
---
-apiVersion: v1
-kind: Service
 metadata:
  name: qbittorrent
  namespace: media
--- a/nix/homelab/kustomize/routes/home-assistant.yaml
+++ b/nix/homelab/kustomize/routes/home-assistant.yaml
@@ -2,7 +2,7 @@ apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute
 metadata:
  name: home-assistant
-  namespace: home
+  namespace: media
 spec:
  parentRefs:
    - name: traefik-gateway
@@ -18,4 +18,4 @@ spec:
              name: private-networks
        backendRefs:
          - name: home-assistant
-          port: 8080
+            port: 8123
--- a/nix/homelab/kustomize/traefik/chains.yaml
+++ b/nix/homelab/kustomize/traefik/chains.yaml
@@ -30,3 +30,14 @@ spec:
    middlewares:
      - name: private-networks
        namespace: kube-system
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: private-networks 
+  namespace: media
+spec:
+  chain:
+    middlewares:
+      - name: private-networks
+        namespace: kube-system
--- a/nix/homelab/scripts/generate-chains.sh
+++ b/nix/homelab/scripts/generate-chains.sh
@@ -6,6 +6,7 @@ NAMESPACES=(
  "home"
  "longhorn-system"
  "pihole-system"
+  "media"
 )

 OUTPUT_FILE="kustomize/traefik/chains.yaml"
--- a/nix/homelab/scripts/generate-routes.sh
+++ b/nix/homelab/scripts/generate-routes.sh
@@ -0,0 +1,155 @@
+#!/usr/bin/env bash
+
+set -e
+
+# Route definitions: name:hostname:port:protocol:private
+# - name: service name (required)
+# - hostname: custom hostname, use '-' for default (name.lucalise.ca)
+# - port: service port (required)
+# - protocol: TCP (default) or UDP
+# - private: true/false (default false) - adds private-networks middleware
+ROUTES=(
+  "sonarr:-:8989:TCP:true"
+  "radarr:-:7878:TCP:true"
+  "prowlarr:-:9696:TCP:true"
+  "bazarr:-:6767:TCP:true"
+  "jellyfin:media:8096:TCP:false"
+  "home-assistant:-:8123:TCP:true"
+)
+
+DOMAIN="lucalise.ca"
+OUTPUT_DIR="kustomize/routes"
+
+generate_http_route() {
+  local name="$1"
+  local hostname="$2"
+  local port="$3"
+  local protocol="$4"
+  local private="$5"
+
+  if [[ -z "$hostname" || "$hostname" == "-" ]]; then
+    hostname="$name"
+  fi
+
+  if [[ -z "$protocol" ]]; then
+    protocol="TCP"
+  fi
+
+  if [[ -z "$private" ]]; then
+    private="false"
+  fi
+
+  local fqdn="${hostname}.${DOMAIN}"
+
+  local filters_section=""
+  if [[ "$private" == "true" ]]; then
+    filters_section="      - filters:
+          - type: ExtensionRef
+            extensionRef:
+              group: traefik.io
+              kind: Middleware
+              name: private-networks
+        backendRefs:"
+  else
+    filters_section="      - backendRefs:"
+  fi
+
+  cat <<EOF
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: ${name}
+  namespace: media
+spec:
+  parentRefs:
+    - name: traefik-gateway
+      namespace: kube-system
+  hostnames:
+    - "${fqdn}"
+  rules:
+${filters_section}
+          - name: ${name}
+            port: ${port}
+EOF
+}
+
+write_kustomization() {
+  local kustomization_file="${OUTPUT_DIR}/../kustomization.yaml"
+  local temp_file=$(mktemp)
+
+  # Collect new route paths
+  local route_paths=()
+  for route in "${ROUTES[@]}"; do
+    IFS=':' read -r name _ _ _ _ <<< "$route"
+    route_paths+=("  - ./routes/${name}.yaml")
+  done
+
+  local in_resources=false
+  local resources_written=false
+  
+  while IFS= read -r line; do
+    # Detect resources section
+    if [[ "$line" == "resources:" ]]; then
+      in_resources=true
+      echo "$line" >> "$temp_file"
+      continue
+    fi
+
+    # If in resources section
+    if [[ "$in_resources" == true ]]; then
+      # Check if line is a resource entry (starts with "  - ")
+      if [[ "$line" =~ ^[[:space:]]*-[[:space:]] ]]; then
+        # Skip route entries, keep everything else
+        if [[ "$line" =~ \./routes/ ]]; then
+          continue
+        else
+          echo "$line" >> "$temp_file"
+        fi
+      else
+        # End of resources section - write new routes before moving on
+        if [[ "$resources_written" == false ]]; then
+          for route_path in "${route_paths[@]}"; do
+            echo "$route_path" >> "$temp_file"
+          done
+          resources_written=true
+        fi
+        in_resources=false
+        echo "$line" >> "$temp_file"
+      fi
+    else
+      echo "$line" >> "$temp_file"
+    fi
+  done < "$kustomization_file"
+
+  # If file ended while still in resources section, write routes now
+  if [[ "$in_resources" == true && "$resources_written" == false ]]; then
+    for route_path in "${route_paths[@]}"; do
+      echo "$route_path" >> "$temp_file"
+    done
+  fi
+
+  mv "$temp_file" "$kustomization_file"
+  echo "Updated ${kustomization_file} with ${#route_paths[@]} routes"
+}
+
+main() {
+  mkdir -p "${OUTPUT_DIR}"
+
+  for route in "${ROUTES[@]}"; do
+    IFS=':' read -r name hostname port protocol private <<< "$route"
+    
+    echo "Generating route for ${name}..."
+    
+    output_file="${OUTPUT_DIR}/${name}.yaml"
+    generate_http_route "$name" "$hostname" "$port" "$protocol" "$private" > "$output_file"
+    
+    echo "  -> ${output_file}"
+  done
+
+  echo ""
+  write_kustomization
+  echo ""
+  echo "Done! Generated ${#ROUTES[@]} routes."
+}
+
+main "$@"
--- a/nix/homelab/src/commands.rs
+++ b/nix/homelab/src/commands.rs
@@ -0,0 +1,9 @@
+pub mod generate_routes;
+
+use clap::Subcommand;
+
+#[derive(Subcommand, Debug)]
+pub enum Commands {
+    /// generate gateway api routes
+    GenerateRoutes,
+}
--- a/nix/homelab/src/commands/generate_routes.rs
+++ b/nix/homelab/src/commands/generate_routes.rs
@@ -0,0 +1,72 @@
+use serde::{Deserialize, Serialize};
+
+use crate::{Config, HelperError};
+
+#[derive(Serialize, Deserialize, Default)]
+pub struct Route {
+    name: String,
+    hostname: String,
+    namespace: String,
+    service: Option<String>,
+    port: i16,
+    private: bool,
+}
+
+pub fn generate_routes(config: &Config) -> Result<(), HelperError> {
+    let routes = config
+        .routes
+        .iter()
+        .enumerate()
+        .fold(String::new(), |mut acc, (i, r)| {
+            if i > 0 {
+                acc.push_str("\n---\n");
+            }
+            acc.push_str(&generate_route(r));
+            acc
+        });
+    std::fs::write("kustomize/routes.yaml", &routes)?;
+    println!("Wrote: {}", routes);
+
+    Ok(())
+}
+
+fn generate_route(route: &Route) -> String {
+    let mut filters_section = String::new();
+    if route.private {
+        filters_section = format!(
+            r#"filters:
+        - type: ExtensionRef
+          extensionRef:
+            group: traefik.io
+            kind: Middleware
+            name: private-networks"#
+        );
+    };
+
+    format!(
+        r#"apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: {}
+  namespace: {}
+spec:
+  parentRefs:
+    - name: traefik-gateway
+      namespace: kube-system
+  hostnames:
+    - {}.lucalise.ca
+  rules:
+    - backendRefs:
+        - name: {}
+          port: {}
+      {}"#,
+        route.name,
+        route.namespace,
+        route.hostname,
+        route.service.clone().unwrap_or_else(|| route.name.clone()),
+        route.port,
+        filters_section
+    )
+    .trim_end()
+    .to_string()
+}
--- a/nix/homelab/src/main.rs
+++ b/nix/homelab/src/main.rs
@@ -0,0 +1,55 @@
+mod commands;
+
+use std::path::Path;
+
+use anyhow::Context;
+use clap::{CommandFactory, Parser};
+use serde::{Deserialize, Serialize};
+use thiserror::Error;
+
+use crate::commands::{
+    Commands,
+    generate_routes::{Route, generate_routes},
+};
+
+#[derive(Parser, Debug)]
+#[command(version = "0.1.0", about = "Helper for k3s", long_about = None)]
+struct Cli {
+    #[command(subcommand)]
+    command: Option<Commands>,
+}
+
+#[derive(Debug, Error)]
+pub enum HelperError {
+    #[error("error reading file")]
+    ReadFile(#[from] std::io::Error),
+    #[error("error parsing config toml")]
+    TomlError(#[from] toml::de::Error),
+}
+
+#[derive(Serialize, Deserialize)]
+pub struct Config {
+    routes: Vec<Route>,
+}
+
+pub fn parse_config<T: AsRef<Path>>(path: T) -> anyhow::Result<Config> {
+    let bytes = std::fs::read(&path).context(format!(
+        "failed to read config file: {}",
+        path.as_ref().display()
+    ))?;
+    Ok(toml::from_slice::<Config>(&bytes)?)
+}
+
+fn main() -> anyhow::Result<()> {
+    let cli = Cli::parse();
+
+    match &cli.command {
+        Some(Commands::GenerateRoutes {}) => {
+            let config = parse_config("./config.toml")?;
+            generate_routes(&config)?;
+        }
+        None => Cli::command().print_long_help()?,
+    }
+
+    Ok(())
+}