feat(homelab): move traefik to rufus node, add rfc1918 middlewares

2025-12-27 02:20:41 -08:00
parent 037036a684
commit 402f1243a2
11 changed files with 144 additions and 69 deletions


@@ -70,48 +70,48 @@ extraVolumes:
server: 192.168.27.2
path: /backup/minecraft
initContainers:
- name: world-restore
image: busybox:latest
command:
- sh
- -c
- |
set -e
echo "=== Minecraft World Restore ==="
BACKUP_FILE="/backups/latest.tgz"
# Check if backup exists
if [[ ! -f "$BACKUP_FILE" ]]; then
echo "Skipping restore, server will start with existing/new world"
exit 0
fi
echo "✓ Backup found: $BACKUP_FILE"
echo " Size: $(du -h $BACKUP_FILE | cut -f1)"
# Check if world already exists
if [ -f /data/world/level.dat ]; then
echo "⚠ World already exists at /data/world/"
echo " Replacing with backup..."
rm -rf /data/world /data/world_nether /data/world_the_end
fi
# Extract backup
echo "Extracting backup to /data/..."
tar -xzf "$BACKUP_FILE" -C /data/
echo "✓ Extraction complete"
echo ""
echo "=== Restore Complete ==="
echo "Restored world size: $(du -sh /data/world 2>/dev/null | cut -f1 || echo 'unknown')"
ls -lh /data/ | grep -E "^d" || true
echo ""
volumeMounts:
- name: datadir
mountPath: /data
- name: backup-volume
mountPath: /backup
readOnly: true
# initContainers:
# - name: world-restore
# image: busybox:latest
# command:
# - sh
# - -c
# - |
# set -e
#
# echo "=== Minecraft World Restore ==="
#
# BACKUP_FILE="/backups/latest.tgz"
#
# # Check if backup exists
# if [[ ! -f "$BACKUP_FILE" ]]; then
# echo "Skipping restore, server will start with existing/new world"
# exit 0
# fi
#
# echo "✓ Backup found: $BACKUP_FILE"
# echo " Size: $(du -h $BACKUP_FILE | cut -f1)"
#
# # Check if world already exists
# if [ -f /data/world/level.dat ]; then
# echo "⚠ World already exists at /data/world/"
# echo " Replacing with backup..."
# rm -rf /data/world /data/world_nether /data/world_the_end
# fi
#
# # Extract backup
# echo "Extracting backup to /data/..."
# tar -xzf "$BACKUP_FILE" -C /data/
# echo "✓ Extraction complete"
#
# echo ""
# echo "=== Restore Complete ==="
# echo "Restored world size: $(du -sh /data/world 2>/dev/null | cut -f1 || echo 'unknown')"
# ls -lh /data/ | grep -E "^d" || true
# echo ""
# volumeMounts:
# - name: datadir
# mountPath: /data
# - name: backup-volume
# mountPath: /backup
# readOnly: true
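Review bot: The world-restore initContainer is kept as a commented-out block (assuming the `#`-prefixed copy is the new side), which leaves dead configuration with no record of why the restore was disabled; either delete it and rely on history, or put a one-line comment such as `# world-restore disabled: <reason>` above it. Before it is re-enabled, note that the script tests `BACKUP_FILE="/backups/latest.tgz"` while the backup volume is mounted at `/backup`, so the existence check would always take the skip branch. The script also runs `rm -rf` on the existing world before `tar -xzf` has succeeded, so a truncated or corrupt archive would leave no world at all; extracting to a scratch directory and swapping afterwards avoids that. `busybox:latest` is an unpinned tag, so the container that runs `rm -rf` against `/data` can change between restarts.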


@@ -4,6 +4,8 @@ kind: Kustomization
resources:
- ./metallb/pool.yaml
- ./traefik/config.yaml
- ./traefik/rfc1918-middleware.yaml
- ./traefik/chain.yaml
- ./cert-manager/config.yaml
- ./routes/media.yaml
- ./routes/minecraft.yaml


@@ -8,6 +8,16 @@ spec:
- 192.168.18.31-192.168.18.61
---
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: rufus-pool
namespace: metallb-system
spec:
addresses:
- 192.168.27.10-192.168.27.30
autoAssign: false
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: pool
@@ -15,3 +25,15 @@ metadata:
spec:
ipAddressPools:
- pool
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: rufus-advertisement
namespace: metallb-system
spec:
ipAddressPools:
- rufus-pool
nodeSelectors:
- matchLabels:
kubernetes.io/hostname: rufus
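Review bot: `rufus-pool` can hand out any address in `192.168.27.10-192.168.27.30`, but the hosts entries changed elsewhere in this commit hard-code `192.168.27.10`, and nothing visible pins the Traefik service to that address. The Traefik values only select the pool via `metallb.universe.tf/address-pool: rufus-pool`, so the assignment depends on allocation order and could move if another service requests this pool first. Adding `metallb.universe.tf/loadBalancerIPs: 192.168.27.10` next to the pool annotation would make the address explicit. A short comment on `autoAssign: false` noting that services must opt in by annotation would also help the next reader.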


@@ -13,3 +13,9 @@ spec:
- backendRefs:
- name: home-assistant
port: 8080
filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: rfc1918-chain


@@ -13,3 +13,9 @@ spec:
- backendRefs:
- name: longhorn-frontend
port: 80
filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: rfc1918-chain


@@ -13,3 +13,9 @@ spec:
- backendRefs:
- name: jellyfin
port: 8096
filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: rfc1918-chain


@@ -0,0 +1,32 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: rfc1918-chain
namespace: home
spec:
chain:
middlewares:
- name: rfc1918-only
namespace: default
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: rfc1918-chain
namespace: longhorn-system
spec:
chain:
middlewares:
- name: rfc1918-only
namespace: default
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: rfc1918-chain
namespace: media
spec:
chain:
middlewares:
- name: rfc1918-only
namespace: default


@@ -5,6 +5,13 @@ metadata:
namespace: kube-system
spec:
valuesContent: |-
nodeSelector:
kubernetes.io/hostname: rufus
service:
annotations:
metallb.universe.tf/address-pool: rufus-pool
ports:
web:
port: 80
@@ -52,6 +59,8 @@ spec:
enabled: false
kubernetesGateway:
enabled: true
kubernetesCRD:
allowCrossNamespace: true
gateway:
listeners:
web:
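Review bot: `allowCrossNamespace: true` under `kubernetesCRD` is a provider-wide switch, so after this change Traefik CRD objects in any namespace may reference middlewares and other Traefik resources in any other namespace, not only the three `rfc1918-chain` wrappers. The chain objects added in this commit exist solely to point at `rfc1918-only` in `default`; defining the `ipAllowList` middleware directly in `home`, `longhorn-system` and `media` would take the same number of objects and let this flag stay off. If the flag is kept, a comment such as `# required for rfc1918-chain -> default/rfc1918-only` above it would record why the namespace boundary was relaxed.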


@@ -0,0 +1,11 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: rfc1918-only
namespace: default
spec:
ipAllowList:
sourceRange:
- "10.0.0.0/8"
- "172.16.0.0/12"
- "192.168.0.0/16"
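Review bot: This `ipAllowList` sets no `ipStrategy`, so it matches on the connection's remote address and only restricts anything if Traefik sees the real client IP. The service values visible in this commit do not set `externalTrafficPolicy`; with the default `Cluster` policy kube-proxy may source-NAT incoming traffic to a node or pod-network address, which would usually fall inside `10.0.0.0/8` or `192.168.0.0/16` and so pass the check for every client. Since Traefik is now pinned to a single node, setting `externalTrafficPolicy: Local` on its service should preserve the source address. It is worth confirming from a non-RFC1918 source that the protected routes return 403. The list is IPv4-only, so confirm how IPv6 clients should be treated if the listeners are reachable over IPv6.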


@@ -18,12 +18,11 @@
dns = "systemd-resolved";
};
networking.extraHosts = ''
192.168.18.31 traefik.lucalise.ca
192.168.18.31 media.lucalise.ca
192.168.18.31 git.lucalise.ca
192.168.18.31 storage.lucalise.ca
192.168.18.31 home-assistant.lucalise.ca
192.168.18.31 mc-rocket.duckdns.org
192.168.27.10 traefik.lucalise.ca
192.168.27.10 media.lucalise.ca
192.168.27.10 git.lucalise.ca
192.168.27.10 storage.lucalise.ca
192.168.27.10 home-assistant.lucalise.ca
'';
services.resolved = {