From b77e496b312a617b186ae47565fb70af69b35868 Mon Sep 17 00:00:00 2001 From: lucalise Date: Tue, 23 Dec 2025 20:43:55 -0800 Subject: [PATCH] feat!: configure traefik, add jellyfin --- nix/homelab/helm/helmfile.yaml | 21 ++++-- nix/homelab/helm/values/jellyfin.yaml | 4 +- .../kustomize/cert-manager/config.yaml | 32 ++++++++ nix/homelab/kustomize/kustomization.yaml | 3 + nix/homelab/kustomize/metallb/pool.yaml | 2 +- nix/homelab/kustomize/routes/media.yaml | 15 ++++ nix/homelab/kustomize/traefik/config.yaml | 75 +++++++++++++++++++ 7 files changed, 143 insertions(+), 9 deletions(-) create mode 100644 nix/homelab/kustomize/cert-manager/config.yaml create mode 100644 nix/homelab/kustomize/routes/media.yaml create mode 100644 nix/homelab/kustomize/traefik/config.yaml diff --git a/nix/homelab/helm/helmfile.yaml b/nix/homelab/helm/helmfile.yaml index a754e3e..2b450f0 100644 --- a/nix/homelab/helm/helmfile.yaml +++ b/nix/homelab/helm/helmfile.yaml @@ -11,10 +11,19 @@ releases: namespace: metallb-system version: 0.15.3 + # Cert Manager + - name: cert-manager + chart: oci://quay.io/jetstack/charts/cert-manager + namespace: cert-manager + version: 1.19.2 + values: + - crds: + enabled: true + # Media Server - # - name: jellyfin - # namespace: media - # chart: jellyfin/jellyfin - # version: 2.7.0 - # values: - # - values/jellyfin.yaml + - name: jellyfin + namespace: media + chart: jellyfin/jellyfin + version: 2.7.0 + values: + - values/jellyfin.yaml diff --git a/nix/homelab/helm/values/jellyfin.yaml b/nix/homelab/helm/values/jellyfin.yaml index f79cd1a..2e756eb 100644 --- a/nix/homelab/helm/values/jellyfin.yaml +++ b/nix/homelab/helm/values/jellyfin.yaml @@ -1,5 +1,5 @@ persistence: config: - size: 5gi + size: 2Gi media: - size: 5Gi + size: 2Gi diff --git a/nix/homelab/kustomize/cert-manager/config.yaml b/nix/homelab/kustomize/cert-manager/config.yaml new file mode 100644 index 0000000..7df5454 --- /dev/null +++ b/nix/homelab/kustomize/cert-manager/config.yaml 
@@ -0,0 +1,32 @@ +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: letsencrypt +spec: + acme: + email: luca_lise@icloud.com + server: https://acme-v02.api.letsencrypt.org/directory + privateKeySecretRef: + name: letsencrypt-account-key + solvers: + - dns01: + route53: + region: ca-central-1 + hostedZoneID: Z0948300LINP3SX1WI4O + accessKeyID: AKIAYQOC475R6YBXHPE7 + secretAccessKeySecretRef: + name: route53-credentials + key: secret-access-key +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: wildcard-lucalise.ca + namespace: kube-system +spec: + secretName: wildcard-lucalise.ca-tls + dnsNames: + - "*.lucalise.ca" + issuerRef: + name: letsencrypt + kind: ClusterIssuer diff --git a/nix/homelab/kustomize/kustomization.yaml b/nix/homelab/kustomize/kustomization.yaml index aad3939..3d9565d 100644 --- a/nix/homelab/kustomize/kustomization.yaml +++ b/nix/homelab/kustomize/kustomization.yaml @@ -3,3 +3,6 @@ kind: Kustomization resources: - ./metallb/pool.yaml + - ./traefik/config.yaml + - ./cert-manager/config.yaml + - ./routes/media.yaml diff --git a/nix/homelab/kustomize/metallb/pool.yaml b/nix/homelab/kustomize/metallb/pool.yaml index 2676031..64ccd9f 100644 --- a/nix/homelab/kustomize/metallb/pool.yaml +++ b/nix/homelab/kustomize/metallb/pool.yaml @@ -5,7 +5,7 @@ metadata: namespace: metallb-system spec: addresses: - - 192.168.x.x + - 192.168.122.132/26 --- apiVersion: metallb.io/v1beta1 kind: L2Advertisement diff --git a/nix/homelab/kustomize/routes/media.yaml b/nix/homelab/kustomize/routes/media.yaml new file mode 100644 index 0000000..40ffa05 --- /dev/null +++ b/nix/homelab/kustomize/routes/media.yaml @@ -0,0 +1,15 @@ +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: jellyfin + namespace: media +spec: + parentRefs: + - name: traefik-gateway + namespace: kube-system + hostnames: + - "media.lucalise.ca" + rules: + - backendRefs: + - name: jellyfin + port: 8096 
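Review bot: In cert-manager/config.yaml the Route53 solver commits a long-lived IAM access key ID (`accessKeyID`) next to the hosted zone ID in plaintext; the ID is not the secret itself, but it identifies a static credential and ties it to this zone for anyone who can read the repository. cert-manager's Route53 solver also accepts `accessKeyIDSecretRef`, so the ID can sit in the same Secret as the secret key, e.g. `accessKeyIDSecretRef: {name: route53-credentials, key: access-key-id}` (key name is an example). Because the issuer is a ClusterIssuer, `route53-credentials` is presumably resolved in cert-manager's cluster resource namespace, and nothing in this patch shows where that Secret is created, so a comment saying so would help. The IAM user behind the key should be restricted to `route53:GetChange` plus `route53:ChangeResourceRecordSets` and `route53:ListResourceRecordSets` on this one hosted zone.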
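Review bot: In metallb/pool.yaml the new pool entry `192.168.122.132/26` has host bits set, so it is most likely read as the whole 192.168.122.128/26 block (64 addresses, .128 to .191) rather than the single address it resembles. If one load-balancer IP is intended, write `- 192.168.122.132/32` or an explicit `first-last` range. As written, MetalLB may assign and announce over L2 addresses that other hosts or the subnet's DHCP range already use. The rest of the IPAddressPool and the L2Advertisement lie outside the hunk.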
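Review bot: In routes/media.yaml the `parentRefs` entry names the gateway but no listener, so the route attaches to every listener that admits it, including the plain-HTTP `web` one. Whether Jellyfin logins can travel unencrypted then depends entirely on the entrypoint redirect configured in the Traefik values. Pin the route to the TLS listener by adding `sectionName: websecure` under the `traefik-gateway` parentRef. A one-line comment above `hostnames` stating whether `media.lucalise.ca` is meant to resolve publicly or only on the LAN would let a reader judge the exposure.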
diff --git a/nix/homelab/kustomize/traefik/config.yaml b/nix/homelab/kustomize/traefik/config.yaml
new file mode 100644
index 0000000..40c7822
--- /dev/null
+++ b/nix/homelab/kustomize/traefik/config.yaml
@@ -0,0 +1,75 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChartConfig
+metadata:
+ name: traefik
+ namespace: kube-system
+spec:
+ valuesContent: |-
+ ports:
+ web:
+ port: 80
+ nodePort: 30000
+ redirections:
+ entryPoint:
+ to: websecure
+ scheme: https
+ permanent: true
+ websecure:
+ port: 443
+ nodePort: 30001
+
+ ssh:
+ port: 22
+ expose:
+ default: true
+ exposedPort: 22
+ protocol: TCP
+
+ persistence:
+ enabled: true
+ size: 128Mi
+
+ api:
+ dashboard: true
+ insecure: true
+
+ ingressRoute:
+ dashboard:
+ enabled: true
+ matchRule: Host(`traefik.lucalise.ca`)
+ entryPoints:
+ - websecure
+
+ ingressClass:
+ enabled: false
+ providers:
+ kubernetesIngress:
+ enabled: false
+ kubernetesGateway:
+ enabled: true
+ gateway:
+ listeners:
+ web:
+ port: 80
+ protocol: HTTP
+ namespacePolicy:
+ from: All
+ websecure:
+ port: 443
+ protocol: HTTPS
+ namespacePolicy:
+ from: All
+ mode: Terminate
+ certificateRefs:
+ - kind: Secret
+ name: wildcard-lucalise.ca-tls
+ group: ""
+ logs:
+ general:
+ level: INFO
+ # This enables access logs, outputting them to Traefik's standard output by default. The [Access Logs Documentation](https://doc.traefik.io/traefik/observability/access-logs/) covers formatting, filtering, and output options.
+ access:
+ enabled: true
+ metrics:
+ prometheus:
+ enabled: false
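Review bot: The `api` block sets `insecure: true` while `ingressRoute.dashboard` publishes the dashboard on `websecure` for `traefik.lucalise.ca` with no middleware, so the Traefik API and dashboard are served without authentication. Set `insecure: false` and attach an auth middleware to the dashboard route, e.g. `middlewares: [{name: dashboard-auth}]` (placeholder name) backed by a basicAuth or forwardAuth Middleware. The `ssh` entrypoint opens port 22 on the load-balancer address although no TCP route in this patch uses it, so it is better left out until a route exists. Both gateway listeners use `namespacePolicy.from: All`, which lets a route in any namespace bind hostnames under the wildcard certificate; the Gateway API values `Same` or `Selector` would narrow that.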