lucalise/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(homelab): add more routes

Browse Source
This commit is contained in:
lucalise
2025-12-31 16:19:43 -08:00
parent f54c95980f
commit 3d77a1478a
14 changed files with 464 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
nix/home-old.nix
View File

@@ -1,38 +0,0 @@
{ config, pkgs, ... }:
{
home.username = "luca";
home.homeDirectory = "/home/luca";
programs = {
git = import ./git.nix;
alacritty = {
enable = true;
settings.window.opacity = 0.6;
};
zsh = {
enable = true;
enableCompletion = true;
autosuggestion.enable = true;
};
};
services.picom = {
enable = true;
vSync = true;
};
xsession.windowManager.i3 = {
enable = true;
config = {
modifier = "Mod4";
defaultWorkspace = "workspace number 1";
terminal = "alacritty";
};
};
home.stateVersion = "24.11";
programs.home-manager.enable = true;
}

6
nix/homelab/config.toml
View File

@@ -11,6 +11,7 @@ routes = [
kind = "TCP", kind = "TCP",
name = "gitea-ssh", name = "gitea-ssh",
namespace = "git", namespace = "git",
entrypoint = "ssh",
service = "gitea-ssh", service = "gitea-ssh",
port = 22, port = 22,
private = false private = false
@@ -24,7 +25,7 @@ routes = [
{ {
name = "sonarr", name = "sonarr",
namespace = "media", namespace = "media",
port = 8787, port = 8989,
private = true private = true
}, },
{ {
@@ -47,6 +48,7 @@ routes = [
name = "minecraft-router", name = "minecraft-router",
hostname = "minecraft", hostname = "minecraft",
namespace = "minecraft", namespace = "minecraft",
entrypoint = "minecraft",
service = "minecraft-router-mc-router", service = "minecraft-router-mc-router",
port = 25565, port = 25565,
private = false private = false
@@ -67,7 +69,7 @@ routes = [
name = "qbittorrent", name = "qbittorrent",
hostname = "qbit", hostname = "qbit",
namespace = "media", namespace = "media",
port = 8090, port = 8080,
private = true private = true
}, },
{ {

8
nix/homelab/helm/helmfile.yaml
View File

@@ -56,6 +56,14 @@ releases:
values: values:
- values/pihole.yaml - values/pihole.yaml
# Media
- name: jellyfin
namespace: media
chart: jellyfin/jellyfin
version: 2.7.0
values:
- values/media/jellyfin.yaml
# Minecraft # Minecraft
- name: minecraft-router - name: minecraft-router
namespace: minecraft namespace: minecraft

21
nix/homelab/helm/values/media/jellyfin.yaml Normal file
View File

@@ -0,0 +1,21 @@
persistence:
media:
enabled: false
resources:
requests:
cpu: 200m
memory: 512Mi
limits:
cpu: 1
memory: 2Gi
volumeMounts:
- name: data
mountPath: /mnt/data
volumes:
- name: data
nfs:
server: 192.168.27.2
path: /data

6
nix/homelab/helm/values/pihole.yaml
View File

@@ -8,6 +8,12 @@ serviceWeb:
https: https:
enabled: false enabled: false
serviceDns:
type: LoadBalancer
mixedService: true
annotations:
metallb.universe.tf/loadBalancerIPs: "192.168.18.32"
resources: resources:
requests: requests:
cpu: 100m cpu: 100m

5
nix/homelab/kustomize/kustomization.yaml
View File

@@ -8,4 +8,9 @@ resources:
- ./traefik/chains.yaml - ./traefik/chains.yaml
- ./cert-manager/config.yaml - ./cert-manager/config.yaml
- ./routes.yaml - ./routes.yaml
- ./media/sonarr.yaml - ./media/sonarr.yaml
- ./media/prowlarr.yaml
- ./media/radarr.yaml
- ./media/qbittorrent.yaml
- ./media/flaresolverr.yaml

76
nix/homelab/kustomize/media/flaresolverr.yaml Normal file
View File

@@ -0,0 +1,76 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flaresolverr-config
namespace: media
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: flaresolverr
namespace: media
labels:
app: flaresolverr
spec:
replicas: 1
selector:
matchLabels:
app: flaresolverr
template:
metadata:
labels:
app: flaresolverr
spec:
containers:
- name: flaresolverr
image: ghcr.io/flaresolverr/flaresolverr
ports:
- containerPort: 8191
name: http
env:
- name: TZ
value: America/Vancouver
volumeMounts:
- name: config
mountPath: /config
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 1
memory: 4Gi
livenessProbe:
httpGet:
path: /health
port: 8191
initialDelaySeconds: 30
periodSeconds: 30
readinessProbe:
httpGet:
path: /health
port: 8191
initialDelaySeconds: 5
volumes:
- name: config
persistentVolumeClaim:
claimName: flaresolverr-config
---
apiVersion: v1
kind: Service
metadata:
name: flaresolverr
namespace: media
spec:
selector:
app: flaresolverr
ports:
- port: 8191
targetPort: 8191
name: http

84
nix/homelab/kustomize/media/prowlarr.yaml Normal file
View File

@@ -0,0 +1,84 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: prowlarr-config
namespace: media
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: prowlarr
namespace: media
labels:
app: prowlarr
spec:
replicas: 1
selector:
matchLabels:
app: prowlarr
template:
metadata:
labels:
app: prowlarr
spec:
containers:
- name: prowlarr
image: lscr.io/linuxserver/prowlarr
ports:
- containerPort: 9696
name: http
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: TZ
value: "America/Vancouver"
volumeMounts:
- name: config
mountPath: /config
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 1
memory: 1Gi
livenessProbe:
httpGet:
path: /ping
port: 9696
initialDelaySeconds: 30
periodSeconds: 30
readinessProbe:
httpGet:
path: /ping
port: 9696
initialDelaySeconds: 10
periodSeconds: 10
volumes:
- name: config
persistentVolumeClaim:
claimName: prowlarr-config
---
apiVersion: v1
kind: Service
metadata:
name: prowlarr
namespace: media
labels:
app: prowlarr
spec:
selector:
app: prowlarr
ports:
- port: 9696
targetPort: 9696
protocol: TCP
name: http

141
nix/homelab/kustomize/media/qbittorrent.yaml Normal file
View File

@@ -0,0 +1,141 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: qbittorrent-config
namespace: media
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: qbittorrent
namespace: media
labels:
app: qbittorrent
annotations:
kubectl.kubernetes.io/default-container: qbittorrent
spec:
replicas: 1
selector:
matchLabels:
app: qbittorrent
template:
metadata:
labels:
app: qbittorrent
spec:
containers:
- name: gluetun
image: qmcgaw/gluetun
securityContext:
capabilities:
add:
- NET_ADMIN
env:
- name: VPN_SERVICE_PROVIDER
value: "custom"
- name: VPN_TYPE
value: "wireguard"
- name: TZ
value: "America/Vancouver"
- name: FIREWALL
value: "on"
- name: FIREWALL_OUTBOUND_SUBNETS
value: "10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
- name: DNS_KEEP_NAMESERVER
value: "on"
- name: LOG_LEVEL
value: "info"
volumeMounts:
- name: wireguard-config
mountPath: /gluetun/wireguard/wg0.conf
subPath: wg0.conf
readOnly: true
- name: tun
mountPath: /dev/net/tun
resources:
requests:
cpu: 50m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
livenessProbe:
httpGet:
path: /v1/vpn/status
port: 8000
initialDelaySeconds: 30
periodSeconds: 60
timeoutSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /v1/vpn/status
port: 8000
initialDelaySeconds: 10
periodSeconds: 60
timeoutSeconds: 5
- name: qbittorrent
image: lscr.io/linuxserver/qbittorrent
ports:
- containerPort: 8080
name: http
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: TZ
value: "America/Vancouver"
- name: WEBUI_PORT
value: "8080"
volumeMounts:
- name: config
mountPath: /config
- name: data
mountPath: /mnt/data
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 2
memory: 2Gi
volumes:
- name: config
persistentVolumeClaim:
claimName: qbittorrent-config
- name: data
nfs:
server: 192.168.27.2
path: /data
- name: wireguard-config
secret:
secretName: wireguard-config
- name: tun
hostPath:
path: /dev/net/tun
type: CharDevice
---
apiVersion: v1
kind: Service
metadata:
name: qbittorrent
namespace: media
labels:
app: qbittorrent
spec:
selector:
app: qbittorrent
ports:
- port: 8080
targetPort: 8080
protocol: TCP
name: http

90
nix/homelab/kustomize/media/radarr.yaml Normal file
View File

@@ -0,0 +1,90 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: radarr-config
namespace: media
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: radarr
namespace: media
labels:
app: radarr
spec:
replicas: 1
selector:
matchLabels:
app: radarr
template:
metadata:
labels:
app: radarr
spec:
containers:
- name: radarr
image: lscr.io/linuxserver/radarr
ports:
- containerPort: 7878
name: http
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: TZ
value: "America/Vancouver"
volumeMounts:
- name: config
mountPath: /config
- name: data
mountPath: /mnt/data
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 1
memory: 1Gi
livenessProbe:
httpGet:
path: /ping
port: 7878
initialDelaySeconds: 30
periodSeconds: 30
readinessProbe:
httpGet:
path: /ping
port: 7878
initialDelaySeconds: 10
periodSeconds: 10
volumes:
- name: config
persistentVolumeClaim:
claimName: radarr-config
- name: data
nfs:
server: 192.168.27.2
path: /data
---
apiVersion: v1
kind: Service
metadata:
name: radarr
namespace: media
labels:
app: radarr
spec:
selector:
app: radarr
ports:
- port: 7878
targetPort: 7878
protocol: TCP
name: http

3
nix/homelab/kustomize/media/sonarr.yaml
View File

@@ -35,6 +35,9 @@ spec:
containers: containers:
- name: sonarr - name: sonarr
image: lscr.io/linuxserver/sonarr image: lscr.io/linuxserver/sonarr
securityContext:
runAsUser: 0
runAsGroup: 0
ports: ports:
- containerPort: 8989 - containerPort: 8989
name: http name: http

8
nix/homelab/kustomize/routes.yaml
View File

@@ -21,7 +21,7 @@ metadata:
namespace: git namespace: git
spec: spec:
entryPoints: entryPoints:
- gitea-ssh - ssh
routes: routes:
- match: HostSNI(`*`) - match: HostSNI(`*`)
services: services:
@@ -64,7 +64,7 @@ spec:
rules: rules:
- backendRefs: - backendRefs:
- name: sonarr - name: sonarr
port: 8787 port: 8989
filters: filters:
- type: ExtensionRef - type: ExtensionRef
extensionRef: extensionRef:
@@ -123,7 +123,7 @@ metadata:
namespace: minecraft namespace: minecraft
spec: spec:
entryPoints: entryPoints:
- minecraft-router - minecraft
routes: routes:
- match: HostSNI(`*`) - match: HostSNI(`*`)
services: services:
@@ -188,7 +188,7 @@ spec:
rules: rules:
- backendRefs: - backendRefs:
- name: qbittorrent - name: qbittorrent
port: 8090 port: 8080
filters: filters:
- type: ExtensionRef - type: ExtensionRef
extensionRef: extensionRef:

38
nix/homelab/src/commands/generate_routes.rs
View File

@@ -4,7 +4,7 @@ use serde::{Deserialize, Serialize};
use crate::{Config, HelperError}; use crate::{Config, HelperError};
#[derive(Serialize, Deserialize, Default)] #[derive(Serialize, Deserialize, Default, Debug, Clone)]
pub struct Route { pub struct Route {
#[serde(default)] #[serde(default)]
kind: RouteKind, kind: RouteKind,
@@ -23,7 +23,7 @@ impl Route {
} }
} }
#[derive(Serialize, Deserialize, Default)] #[derive(Serialize, Deserialize, Default, Debug, Clone)]
enum RouteKind { enum RouteKind {
#[default] #[default]
HTTP, HTTP,
@@ -31,17 +31,16 @@ enum RouteKind {
} }
pub fn generate_routes(config: &Config) -> Result<(), HelperError> { pub fn generate_routes(config: &Config) -> Result<(), HelperError> {
let routes = config let routes = config.routes.iter().enumerate().try_fold(
.routes String::new(),
.iter() |mut acc, (i, r)| -> Result<_, HelperError> {
.enumerate()
.fold(String::new(), |mut acc, (i, r)| {
if i > 0 { if i > 0 {
acc.push_str("\n---\n"); acc.push_str("\n---\n");
} }
acc.push_str(&generate_route(r)); acc.push_str(&generate_route(r)?);
acc Ok(acc)
}); },
)?;
let chains = generate_chains(&config.routes); let chains = generate_chains(&config.routes);
std::fs::write("kustomize/routes.yaml", &routes)?; std::fs::write("kustomize/routes.yaml", &routes)?;
std::fs::write("kustomize/traefik/chains.yaml", &chains)?; std::fs::write("kustomize/traefik/chains.yaml", &chains)?;
@@ -50,11 +49,11 @@ pub fn generate_routes(config: &Config) -> Result<(), HelperError> {
Ok(()) Ok(())
} }
fn generate_route(route: &Route) -> String { fn generate_route(route: &Route) -> Result<String, HelperError> {
match route.kind { Ok(match route.kind {
RouteKind::HTTP => generate_http_route(route), RouteKind::HTTP => generate_http_route(route),
RouteKind::TCP => generate_tcp_route(route), RouteKind::TCP => generate_tcp_route(route)?,
} })
} }
fn generate_chains(routes: &[Route]) -> String { fn generate_chains(routes: &[Route]) -> String {
@@ -133,7 +132,7 @@ spec:
.to_string() .to_string()
} }
fn generate_tcp_route(route: &Route) -> String { fn generate_tcp_route(route: &Route) -> Result<String, HelperError> {
let mut middlewares_section = String::new(); let mut middlewares_section = String::new();
if route.private { if route.private {
middlewares_section = format!( middlewares_section = format!(
@@ -143,7 +142,7 @@ fn generate_tcp_route(route: &Route) -> String {
); );
} }
format!( Ok(format!(
r#"apiVersion: traefik.io/v1alpha1 r#"apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP kind: IngressRouteTCP
metadata: metadata:
@@ -159,11 +158,14 @@ spec:
port: {}"#, port: {}"#,
route.name, route.name,
route.namespace, route.namespace,
route.entrypoint, route
.entrypoint
.as_ref()
.ok_or(HelperError::TCPEntryPoint(route.name.clone()))?,
middlewares_section, middlewares_section,
route.service.as_ref().unwrap_or_else(|| &route.name), route.service.as_ref().unwrap_or_else(|| &route.name),
route.port route.port
) )
.trim_end() .trim_end()
.to_string() .to_string())
} }

2
nix/homelab/src/main.rs
View File

@@ -25,6 +25,8 @@ pub enum HelperError {
ReadFile(#[from] std::io::Error), ReadFile(#[from] std::io::Error),
#[error("error parsing config toml")] #[error("error parsing config toml")]
TomlError(#[from] toml::de::Error), TomlError(#[from] toml::de::Error),
#[error("entrypoint required for tcproute: {0:?}")]
TCPEntryPoint(String),
} }
#[derive(Serialize, Deserialize)] #[derive(Serialize, Deserialize)]