feat!: configure traefik, add jellyfin

2025-12-23 20:43:55 -08:00
parent 3302b71a39
commit b77e496b31
7 changed files with 143 additions and 9 deletions


@@ -11,10 +11,19 @@ releases:
namespace: metallb-system namespace: metallb-system
version: 0.15.3 version: 0.15.3
# Cert Manager
- name: cert-manager
chart: oci://quay.io/jetstack/charts/cert-manager
namespace: cert-manager
version: 1.19.2
values:
- crds:
enabled: true
# Media Server # Media Server
# - name: jellyfin - name: jellyfin
# namespace: media namespace: media
# chart: jellyfin/jellyfin chart: jellyfin/jellyfin
# version: 2.7.0 version: 2.7.0
# values: values:
# - values/jellyfin.yaml - values/jellyfin.yaml


@@ -1,5 +1,5 @@
persistence: persistence:
config: config:
size: 5gi size: 2Gi
media: media:
size: 5Gi size: 2Gi


@@ -0,0 +1,32 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt
spec:
acme:
email: luca_lise@icloud.com
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-account-key
solvers:
- dns01:
route53:
region: ca-central-1
hostedZoneID: Z0948300LINP3SX1WI4O
accessKeyID: AKIAYQOC475R6YBXHPE7
secretAccessKeySecretRef:
name: route53-credentials
key: secret-access-key
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: wildcard-lucalise.ca
namespace: kube-system
spec:
secretName: wildcard-lucalise.ca-tls
dnsNames:
- "*.lucalise.ca"
issuerRef:
name: letsencrypt
kind: ClusterIssuer
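Review bot: The route53 solver authenticates with a long-lived IAM user key, and its `accessKeyID` is committed in plaintext next to the hosted zone ID. The key ID is not the secret itself, but it ties the repository to one AWS identity and forces a commit on every rotation; cert-manager can read it from the existing Secret instead via `accessKeyIDSecretRef: {name: route53-credentials, key: access-key-id}` (the key name here is illustrative). Because this identity can satisfy DNS-01 for any name in the zone, including the `*.lucalise.ca` wildcard, its IAM policy should be limited to record changes on that single hosted zone. The `route53-credentials` Secret is not created in this commit; for a ClusterIssuer it presumably has to exist in cert-manager's cluster resource namespace rather than `kube-system`, which is worth a comment above `secretAccessKeySecretRef`.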


@@ -3,3 +3,6 @@ kind: Kustomization
resources: resources:
- ./metallb/pool.yaml - ./metallb/pool.yaml
- ./traefik/config.yaml
- ./cert-manager/config.yaml
- ./routes/media.yaml


@@ -5,7 +5,7 @@ metadata:
namespace: metallb-system namespace: metallb-system
spec: spec:
addresses: addresses:
- 192.168.x.x - 192.168.122.132/26
--- ---
apiVersion: metallb.io/v1beta1 apiVersion: metallb.io/v1beta1
kind: L2Advertisement kind: L2Advertisement
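Review bot: `192.168.122.132/26` has host bits set, so it does not describe a pool that starts at .132; as a CIDR it denotes the block 192.168.122.128–191, and depending on how the value is parsed it is either normalised to that whole block or rejected. If the intent is to hand out addresses from .132 upward, write an explicit range such as `- 192.168.122.132-192.168.122.191`; otherwise use the canonical `- 192.168.122.128/26`. With the L2Advertisement that follows (it continues outside the hunk), the speaker answers ARP for every address in the pool, so the range should exclude anything already assigned on that subnet, such as node addresses or DHCP leases.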


@@ -0,0 +1,15 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: jellyfin
namespace: media
spec:
parentRefs:
- name: traefik-gateway
namespace: kube-system
hostnames:
- "media.lucalise.ca"
rules:
- backendRefs:
- name: jellyfin
port: 8096
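Review bot: The `parentRefs` entry has no `sectionName`, so this route attaches to every listener on `traefik-gateway` that admits the `media` namespace, which includes the plain-HTTP `web` listener. Whether Jellyfin logins can travel unencrypted then depends entirely on the entrypoint redirect configured in the Traefik values elsewhere in this commit. Adding `sectionName: websecure` under the parentRef (listener name taken from the gateway config in this commit) makes the route HTTPS-only on its own, independent of that redirect.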


@@ -0,0 +1,75 @@
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
name: traefik
namespace: kube-system
spec:
valuesContent: |-
ports:
web:
port: 80
nodePort: 30000
redirections:
entryPoint:
to: websecure
scheme: https
permanent: true
websecure:
port: 443
nodePort: 30001
ssh:
port: 22
expose:
default: true
exposedPort: 22
protocol: TCP
persistence:
enabled: true
size: 128Mi
api:
dashboard: true
insecure: true
ingressRoute:
dashboard:
enabled: true
matchRule: Host(`traefik.lucalise.ca`)
entryPoints:
- websecure
ingressClass:
enabled: false
providers:
kubernetesIngress:
enabled: false
kubernetesGateway:
enabled: true
gateway:
listeners:
web:
port: 80
protocol: HTTP
namespacePolicy:
from: All
websecure:
port: 443
protocol: HTTPS
namespacePolicy:
from: All
mode: Terminate
certificateRefs:
- kind: Secret
name: wildcard-lucalise.ca-tls
group: ""
logs:
general:
level: INFO
# This enables access logs, outputting them to Traefik's standard output by default. The [Access Logs Documentation](https://doc.traefik.io/traefik/observability/access-logs/) covers formatting, filtering, and output options.
access:
enabled: true
metrics:
prometheus:
enabled: false
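Review bot: The dashboard and API are exposed without authentication: `api.insecure: true` serves them directly on Traefik's internal `traefik` entrypoint, and the `ingressRoute.dashboard` block publishes them on `websecure` for `traefik.lucalise.ca` with no middleware attached. The dashboard discloses every router, service and backend address, so it should sit behind authentication: set `insecure: false` and add `middlewares: [{name: <dashboard-auth-middleware>}]` under `ingressRoute.dashboard`, where the placeholder stands for a basicAuth or forwardAuth Middleware you define. Separately, the `ssh` entrypoint is exposed on port 22 by default although no TCP route using it is visible in this commit; if nothing consumes it yet, leaving `expose.default` off until a route exists keeps the load-balancer surface smaller.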