lucalise/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: lucalise:d1b81ce0db011097588ef348dfa867b8c99fceed
Branches Tags
lucalise:main
..
compare: lucalise:7cfa0e63751df51630ce1760c91db8a7b4bbade4
Branches Tags
lucalise:main

10 Commits
d1b81ce0db ... 7cfa0e6375

Author SHA1 Message Date
lucalise
7cfa0e6375 feat(homelab): migrate kube subnet 2026-01-03 01:52:42 -08:00
lucalise
3005a07e28 feat(homelab): add dhcp lease parsing 2026-01-02 18:15:03 -08:00
lucalise
8fa31858b4 fix(homelab): fix homeassistant route to 8080 2026-01-01 22:21:37 -08:00
lucalise
120e38fd46 fix(homelab): increase ram for mc servers 2026-01-01 15:47:59 -08:00
lucalise
af6952fb1e fix(homelab): use correct gitea root_url 2026-01-01 13:31:47 -08:00
lucalise
c5dc30dd4a feat(homelab): add prometheus & grafana, jless fd + more zsh plugins 2026-01-01 13:21:06 -08:00
lucalise
3d77a1478a feat(homelab): add more routes 2025-12-31 16:20:17 -08:00
lucalise
f54c95980f feat(homelab): setup route & chain generation 2025-12-30 14:20:28 -08:00
lucalise
f89a7e1813 feat(homelab): start adding route kind 2025-12-28 22:15:11 -08:00
lucalise
0993820675 feat(homelab): start implementing route generation 2025-12-28 01:58:34 -08:00
45 changed files with 2174 additions and 504 deletions
Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
nix/homelab/target

38
nix/home-old.nix
View File

@@ -1,38 +0,0 @@
{ config, pkgs, ... }:
{
home.username = "luca";
home.homeDirectory = "/home/luca";
programs = {
git = import ./git.nix;
alacritty = {
enable = true;
settings.window.opacity = 0.6;
};
zsh = {
enable = true;
enableCompletion = true;
autosuggestion.enable = true;
};
};
services.picom = {
enable = true;
vSync = true;
};
xsession.windowManager.i3 = {
enable = true;
config = {
modifier = "Mod4";
defaultWorkspace = "workspace number 1";
terminal = "alacritty";
};
};
home.stateVersion = "24.11";
programs.home-manager.enable = true;
}

494
nix/homelab/Cargo.lock generated Normal file
View File

@@ -0,0 +1,494 @@
# This file is automatically @generated by Cargo.
# It is not intended for manual editing.
version = 4
[[package]]
name = "anstream"
version = "0.6.21"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "43d5b281e737544384e969a5ccad3f1cdd24b48086a0fc1b2a5262a26b8f4f4a"
dependencies = [
"anstyle",
"anstyle-parse",
"anstyle-query",
"anstyle-wincon",
"colorchoice",
"is_terminal_polyfill",
"utf8parse",
]
[[package]]
name = "anstyle"
version = "1.0.13"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5192cca8006f1fd4f7237516f40fa183bb07f8fbdfedaa0036de5ea9b0b45e78"
[[package]]
name = "anstyle-parse"
version = "0.2.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4e7644824f0aa2c7b9384579234ef10eb7efb6a0deb83f9630a49594dd9c15c2"
dependencies = [
"utf8parse",
]
[[package]]
name = "anstyle-query"
version = "1.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "40c48f72fd53cd289104fc64099abca73db4166ad86ea0b4341abe65af83dadc"
dependencies = [
"windows-sys",
]
[[package]]
name = "anstyle-wincon"
version = "3.0.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "291e6a250ff86cd4a820112fb8898808a366d8f9f58ce16d1f538353ad55747d"
dependencies = [
"anstyle",
"once_cell_polyfill",
"windows-sys",
]
[[package]]
name = "anyhow"
version = "1.0.100"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a23eb6b1614318a8071c9b2521f36b424b2c83db5eb3a0fead4a6c0809af6e61"
[[package]]
name = "bitflags"
version = "2.10.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "812e12b5285cc515a9c72a5c1d3b6d46a19dac5acfef5265968c166106e31dd3"
[[package]]
name = "cc"
version = "1.2.51"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7a0aeaff4ff1a90589618835a598e545176939b97874f7abc7851caa0618f203"
dependencies = [
"find-msvc-tools",
"shlex",
]
[[package]]
name = "cfg-if"
version = "1.0.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801"
[[package]]
name = "clap"
version = "4.5.53"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c9e340e012a1bf4935f5282ed1436d1489548e8f72308207ea5df0e23d2d03f8"
dependencies = [
"clap_builder",
"clap_derive",
]
[[package]]
name = "clap_builder"
version = "4.5.53"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d76b5d13eaa18c901fd2f7fca939fefe3a0727a953561fefdf3b2922b8569d00"
dependencies = [
"anstream",
"anstyle",
"clap_lex",
"strsim",
]
[[package]]
name = "clap_derive"
version = "4.5.49"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2a0b5487afeab2deb2ff4e03a807ad1a03ac532ff5a2cee5d86884440c7f7671"
dependencies = [
"heck",
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "clap_lex"
version = "0.7.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a1d728cc89cf3aee9ff92b05e62b19ee65a02b5702cff7d5a377e32c6ae29d8d"
[[package]]
name = "colorchoice"
version = "1.0.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b05b61dc5112cbb17e4b6cd61790d9845d13888356391624cbe7e41efeac1e75"
[[package]]
name = "equivalent"
version = "1.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "877a4ace8713b0bcf2a4e7eec82529c029f1d0619886d18145fea96c3ffe5c0f"
[[package]]
name = "find-msvc-tools"
version = "0.1.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "645cbb3a84e60b7531617d5ae4e57f7e27308f6445f5abf653209ea76dec8dff"
[[package]]
name = "hashbrown"
version = "0.16.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "841d1cc9bed7f9236f321df977030373f4a4163ae1a7dbfe1a51a2c1a51d9100"
[[package]]
name = "heck"
version = "0.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea"
[[package]]
name = "homelab"
version = "0.1.0"
dependencies = [
"anyhow",
"clap",
"nom",
"serde",
"ssh2",
"thiserror",
"toml",
]
[[package]]
name = "indexmap"
version = "2.12.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0ad4bb2b565bca0645f4d68c5c9af97fba094e9791da685bf83cb5f3ce74acf2"
dependencies = [
"equivalent",
"hashbrown",
]
[[package]]
name = "is_terminal_polyfill"
version = "1.70.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a6cb138bb79a146c1bd460005623e142ef0181e3d0219cb493e02f7d08a35695"
[[package]]
name = "libc"
version = "0.2.178"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "37c93d8daa9d8a012fd8ab92f088405fb202ea0b6ab73ee2482ae66af4f42091"
[[package]]
name = "libssh2-sys"
version = "0.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "220e4f05ad4a218192533b300327f5150e809b54c4ec83b5a1d91833601811b9"
dependencies = [
"cc",
"libc",
"libz-sys",
"openssl-sys",
"pkg-config",
"vcpkg",
]
[[package]]
name = "libz-sys"
version = "1.1.23"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "15d118bbf3771060e7311cc7bb0545b01d08a8b4a7de949198dec1fa0ca1c0f7"
dependencies = [
"cc",
"libc",
"pkg-config",
"vcpkg",
]
[[package]]
name = "lock_api"
version = "0.4.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "224399e74b87b5f3557511d98dff8b14089b3dadafcab6bb93eab67d3aace965"
dependencies = [
"scopeguard",
]
[[package]]
name = "memchr"
version = "2.7.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f52b00d39961fc5b2736ea853c9cc86238e165017a493d1d5c8eac6bdc4cc273"
[[package]]
name = "nom"
version = "8.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "df9761775871bdef83bee530e60050f7e54b1105350d6884eb0fb4f46c2f9405"
dependencies = [
"memchr",
]
[[package]]
name = "once_cell_polyfill"
version = "1.70.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "384b8ab6d37215f3c5301a95a4accb5d64aa607f1fcb26a11b5303878451b4fe"
[[package]]
name = "openssl-sys"
version = "0.9.111"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "82cab2d520aa75e3c58898289429321eb788c3106963d0dc886ec7a5f4adc321"
dependencies = [
"cc",
"libc",
"pkg-config",
"vcpkg",
]
[[package]]
name = "parking_lot"
version = "0.12.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "93857453250e3077bd71ff98b6a65ea6621a19bb0f559a85248955ac12c45a1a"
dependencies = [
"lock_api",
"parking_lot_core",
]
[[package]]
name = "parking_lot_core"
version = "0.9.12"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2621685985a2ebf1c516881c026032ac7deafcda1a2c9b7850dc81e3dfcb64c1"
dependencies = [
"cfg-if",
"libc",
"redox_syscall",
"smallvec",
"windows-link",
]
[[package]]
name = "pkg-config"
version = "0.3.32"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7edddbd0b52d732b21ad9a5fab5c704c14cd949e5e9a1ec5929a24fded1b904c"
[[package]]
name = "proc-macro2"
version = "1.0.103"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5ee95bc4ef87b8d5ba32e8b7714ccc834865276eab0aed5c9958d00ec45f49e8"
dependencies = [
"unicode-ident",
]
[[package]]
name = "quote"
version = "1.0.42"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a338cc41d27e6cc6dce6cefc13a0729dfbb81c262b1f519331575dd80ef3067f"
dependencies = [
"proc-macro2",
]
[[package]]
name = "redox_syscall"
version = "0.5.18"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ed2bf2547551a7053d6fdfafda3f938979645c44812fbfcda098faae3f1a362d"
dependencies = [
"bitflags",
]
[[package]]
name = "scopeguard"
version = "1.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"
[[package]]
name = "serde"
version = "1.0.228"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e"
dependencies = [
"serde_core",
"serde_derive",
]
[[package]]
name = "serde_core"
version = "1.0.228"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad"
dependencies = [
"serde_derive",
]
[[package]]
name = "serde_derive"
version = "1.0.228"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "serde_spanned"
version = "1.0.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f8bbf91e5a4d6315eee45e704372590b30e260ee83af6639d64557f51b067776"
dependencies = [
"serde_core",
]
[[package]]
name = "shlex"
version = "1.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"
[[package]]
name = "smallvec"
version = "1.15.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03"
[[package]]
name = "ssh2"
version = "0.9.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2f84d13b3b8a0d4e91a2629911e951db1bb8671512f5c09d7d4ba34500ba68c8"
dependencies = [
"bitflags",
"libc",
"libssh2-sys",
"parking_lot",
]
[[package]]
name = "strsim"
version = "0.11.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f"
[[package]]
name = "syn"
version = "2.0.111"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "390cc9a294ab71bdb1aa2e99d13be9c753cd2d7bd6560c77118597410c4d2e87"
dependencies = [
"proc-macro2",
"quote",
"unicode-ident",
]
[[package]]
name = "thiserror"
version = "2.0.17"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f63587ca0f12b72a0600bcba1d40081f830876000bb46dd2337a3051618f4fc8"
dependencies = [
"thiserror-impl",
]
[[package]]
name = "thiserror-impl"
version = "2.0.17"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3ff15c8ecd7de3849db632e14d18d2571fa09dfc5ed93479bc4485c7a517c913"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "toml"
version = "0.9.10+spec-1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0825052159284a1a8b4d6c0c86cbc801f2da5afd2b225fa548c72f2e74002f48"
dependencies = [
"indexmap",
"serde_core",
"serde_spanned",
"toml_datetime",
"toml_parser",
"toml_writer",
"winnow",
]
[[package]]
name = "toml_datetime"
version = "0.7.5+spec-1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "92e1cfed4a3038bc5a127e35a2d360f145e1f4b971b551a2ba5fd7aedf7e1347"
dependencies = [
"serde_core",
]
[[package]]
name = "toml_parser"
version = "1.0.6+spec-1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a3198b4b0a8e11f09dd03e133c0280504d0801269e9afa46362ffde1cbeebf44"
dependencies = [
"winnow",
]
[[package]]
name = "toml_writer"
version = "1.0.6+spec-1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ab16f14aed21ee8bfd8ec22513f7287cd4a91aa92e44edfe2c17ddd004e92607"
[[package]]
name = "unicode-ident"
version = "1.0.22"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9312f7c4f6ff9069b165498234ce8be658059c6728633667c526e27dc2cf1df5"
[[package]]
name = "utf8parse"
version = "0.2.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821"
[[package]]
name = "vcpkg"
version = "0.2.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
[[package]]
name = "windows-link"
version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5"
[[package]]
name = "windows-sys"
version = "0.61.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ae137229bcbd6cdf0f7b80a31df61766145077ddf49416a728b02cb3921ff3fc"
dependencies = [
"windows-link",
]
[[package]]
name = "winnow"
version = "0.7.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5a5364e9d77fcdeeaa6062ced926ee3381faa2ee02d3eb83a5c27a8825540829"

13
nix/homelab/Cargo.toml Normal file
View File

@@ -0,0 +1,13 @@
[package]
name = "homelab"
version = "0.1.0"
edition = "2024"
[dependencies]
anyhow = "1.0.100"
clap = { version = "4.5.53", features = ["derive"] }
nom = "8.0.0"
serde = { version = "1.0.228", features = ["serde_derive"] }
ssh2 = "0.9.5"
thiserror = "2.0.17"
toml = "0.9.10"

96
nix/homelab/config.toml Normal file
View File

@@ -0,0 +1,96 @@
routes = [
{
name = "gitea",
hostname = "git",
namespace = "git",
service = "gitea-http",
port = 3000,
private = false
},
{
kind = "TCP",
name = "gitea-ssh",
namespace = "git",
entrypoint = "ssh",
service = "gitea-ssh",
port = 22,
private = false
},
{
name = "home-assistant",
namespace = "home",
port = 8080,
private = true
},
{
name = "sonarr",
namespace = "media",
port = 8989,
private = true
},
{
name = "longhorn",
hostname = "storage",
namespace = "longhorn-system",
service = "longhorn-frontend",
port = 80,
private = true
},
{
name = "pihole",
namespace = "pihole-system",
service = "pihole-web",
port = 80,
private = true
},
{
kind = "TCP",
name = "minecraft-router",
hostname = "minecraft",
namespace = "minecraft",
entrypoint = "minecraft",
service = "minecraft-router-mc-router",
port = 25565,
private = false
},
{
name = "prowlarr",
namespace = "media",
port = 9696,
private = true
},
{
name = "radarr",
namespace = "media",
port = 7878,
private = true
},
{
name = "qbittorrent",
hostname = "qbit",
namespace = "media",
port = 8080,
private = true
},
{
name = "flaresolverr",
hostname = "flare",
namespace = "media",
port = 8191,
private = true
},
{
name = "jellyfin",
hostname = "media",
namespace = "media",
port = 8096,
private = true
},
{
name = "grafana",
namespace = "monitoring",
service = "prometheus-stack-grafana",
port = 80,
private = true
},
]

21
nix/homelab/flake.nix
View File

@@ -20,6 +20,16 @@
architecture = "x86_64-linux"; architecture = "x86_64-linux";
} }
]; ];
systems = [ "x86_64-linux" ];
forAllSystems =
f:
nixpkgs.lib.genAttrs systems (
system:
f {
inherit system;
pkgs = nixpkgs.legacyPackages.${system};
}
);
in in
{ {
nixosConfigurations = builtins.listToAttrs ( nixosConfigurations = builtins.listToAttrs (
@@ -49,5 +59,16 @@
}; };
}) nodes }) nodes
); );
devShells = forAllSystems (
{ system, pkgs }:
{
default = pkgs.mkShell {
buildInputs = with pkgs; [
openssl
pkgconf
];
};
}
);
}; };
} }

15
nix/homelab/helm/helmfile.yaml
View File

@@ -30,6 +30,13 @@ releases:
- crds: - crds:
enabled: true enabled: true
- name: prometheus-stack
chart: oci://ghcr.io/prometheus-community/charts/kube-prometheus-stack
namespace: monitoring
version: 80.9.2
values:
- values/prometheus.yaml
# Git # Git
- name: gitea - name: gitea
namespace: git namespace: git
@@ -56,6 +63,14 @@ releases:
values: values:
- values/pihole.yaml - values/pihole.yaml
# Media
- name: jellyfin
namespace: media
chart: jellyfin/jellyfin
version: 2.7.0
values:
- values/media/jellyfin.yaml
# Minecraft # Minecraft
- name: minecraft-router - name: minecraft-router
namespace: minecraft namespace: minecraft

2
nix/homelab/helm/values/gitea.yaml
View File

@@ -13,6 +13,8 @@ gitea:
config: config:
repository: repository:
ROOT: /mnt/git-data/git/repositories ROOT: /mnt/git-data/git/repositories
server:
ROOT_URL: https://git.lucalise.ca
database: database:
DB_TYPE: sqlite3 DB_TYPE: sqlite3
session: session:

21
nix/homelab/helm/values/media/jellyfin.yaml Normal file
View File

@@ -0,0 +1,21 @@
persistence:
media:
enabled: false
resources:
requests:
cpu: 200m
memory: 512Mi
limits:
cpu: 1
memory: 2Gi
volumeMounts:
- name: data
mountPath: /mnt/data
volumes:
- name: data
nfs:
server: 192.168.27.2
path: /data

4
nix/homelab/helm/values/minecraft/main.yaml
View File

@@ -3,7 +3,7 @@ resources:
cpu: 1 cpu: 1
memory: 500Mi memory: 500Mi
limits: limits:
memory: 6Gi memory: 7Gi
cpu: 2500m cpu: 2500m
minecraftServer: minecraftServer:
@@ -12,7 +12,7 @@ minecraftServer:
version: "1.21.11" version: "1.21.11"
difficulty: hard difficulty: hard
motd: "A Minecraft Server." motd: "A Minecraft Server."
memory: 6G memory: 7G
rcon: rcon:
enabled: true enabled: true
withGeneratedPassword: false withGeneratedPassword: false

4
nix/homelab/helm/values/minecraft/router.yaml
View File

@@ -8,9 +8,9 @@ resources:
minecraftRouter: minecraftRouter:
mappings: mappings:
- externalHostname: "mc-rocket.duckdns.org" - externalHostname: "mc-rocket.privatedns.org"
host: "minecraft-main" host: "minecraft-main"
port: 25565 port: 25565
- externalHostname: "mc-rocket-creative.duckdns.org" - externalHostname: "mc-rocket-creative.privatedns.org"
host: "minecraft-creative" host: "minecraft-creative"
port: 25565 port: 25565

6
nix/homelab/helm/values/pihole.yaml
View File

@@ -8,6 +8,12 @@ serviceWeb:
https: https:
enabled: false enabled: false
serviceDns:
type: LoadBalancer
mixedService: true
annotations:
metallb.universe.tf/loadBalancerIPs: "192.168.18.32"
resources: resources:
requests: requests:
cpu: 100m cpu: 100m

58
nix/homelab/helm/values/prometheus.yaml Normal file
View File

@@ -0,0 +1,58 @@
# Install Prometheus Operator CRDs
crds:
enabled: true
alertmanager:
enabled: false
prometheus:
prometheusSpec:
storageSpec:
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
retention: 15d
retentionSize: "18GB"
resources:
requests:
cpu: 100m
memory: 512Mi
limits:
cpu: 500m
memory: 2Gi
grafana:
enabled: true
persistence:
enabled: true
size: 5Gi
resources:
requests:
cpu: 50m
memory: 128Mi
limits:
cpu: 300m
memory: 512Mi
nodeExporter:
enabled: true
kubeStateMetrics:
enabled: true
kubeEtcd:
enabled: false
kubeControllerManager:
enabled: false
kubeScheduler:
enabled: false
kubeProxy:
enabled: false

15
nix/homelab/kustomize/kustomization.yaml
View File

@@ -7,11 +7,10 @@ resources:
- ./traefik/private-networks.yaml - ./traefik/private-networks.yaml
- ./traefik/chains.yaml - ./traefik/chains.yaml
- ./cert-manager/config.yaml - ./cert-manager/config.yaml
- ./routes/minecraft.yaml - ./routes.yaml
- ./routes/gitea/ssh.yaml
- ./routes/gitea/http.yaml - ./media/sonarr.yaml
- ./routes/longhorn.yaml - ./media/prowlarr.yaml
- ./routes/home-assistant.yaml - ./media/radarr.yaml
- ./routes/consul-media.yaml - ./media/qbittorrent.yaml
- ./routes/consul-vaultwarden.yaml - ./media/flaresolverr.yaml
- ./routes/pihole.yaml

76
nix/homelab/kustomize/media/flaresolverr.yaml Normal file
View File

@@ -0,0 +1,76 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flaresolverr-config
namespace: media
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: flaresolverr
namespace: media
labels:
app: flaresolverr
spec:
replicas: 1
selector:
matchLabels:
app: flaresolverr
template:
metadata:
labels:
app: flaresolverr
spec:
containers:
- name: flaresolverr
image: ghcr.io/flaresolverr/flaresolverr
ports:
- containerPort: 8191
name: http
env:
- name: TZ
value: America/Vancouver
volumeMounts:
- name: config
mountPath: /config
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 1
memory: 4Gi
livenessProbe:
httpGet:
path: /health
port: 8191
initialDelaySeconds: 30
periodSeconds: 30
readinessProbe:
httpGet:
path: /health
port: 8191
initialDelaySeconds: 5
volumes:
- name: config
persistentVolumeClaim:
claimName: flaresolverr-config
---
apiVersion: v1
kind: Service
metadata:
name: flaresolverr
namespace: media
spec:
selector:
app: flaresolverr
ports:
- port: 8191
targetPort: 8191
name: http

84
nix/homelab/kustomize/media/prowlarr.yaml Normal file
View File

@@ -0,0 +1,84 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: prowlarr-config
namespace: media
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: prowlarr
namespace: media
labels:
app: prowlarr
spec:
replicas: 1
selector:
matchLabels:
app: prowlarr
template:
metadata:
labels:
app: prowlarr
spec:
containers:
- name: prowlarr
image: lscr.io/linuxserver/prowlarr
ports:
- containerPort: 9696
name: http
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: TZ
value: "America/Vancouver"
volumeMounts:
- name: config
mountPath: /config
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 1
memory: 1Gi
livenessProbe:
httpGet:
path: /ping
port: 9696
initialDelaySeconds: 30
periodSeconds: 30
readinessProbe:
httpGet:
path: /ping
port: 9696
initialDelaySeconds: 10
periodSeconds: 10
volumes:
- name: config
persistentVolumeClaim:
claimName: prowlarr-config
---
apiVersion: v1
kind: Service
metadata:
name: prowlarr
namespace: media
labels:
app: prowlarr
spec:
selector:
app: prowlarr
ports:
- port: 9696
targetPort: 9696
protocol: TCP
name: http

141
nix/homelab/kustomize/media/qbittorrent.yaml Normal file
View File

@@ -0,0 +1,141 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: qbittorrent-config
namespace: media
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: qbittorrent
namespace: media
labels:
app: qbittorrent
annotations:
kubectl.kubernetes.io/default-container: qbittorrent
spec:
replicas: 1
selector:
matchLabels:
app: qbittorrent
template:
metadata:
labels:
app: qbittorrent
spec:
containers:
- name: gluetun
image: qmcgaw/gluetun
securityContext:
capabilities:
add:
- NET_ADMIN
env:
- name: VPN_SERVICE_PROVIDER
value: "custom"
- name: VPN_TYPE
value: "wireguard"
- name: TZ
value: "America/Vancouver"
- name: FIREWALL
value: "on"
- name: FIREWALL_OUTBOUND_SUBNETS
value: "10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
- name: DNS_KEEP_NAMESERVER
value: "on"
- name: LOG_LEVEL
value: "info"
volumeMounts:
- name: wireguard-config
mountPath: /gluetun/wireguard/wg0.conf
subPath: wg0.conf
readOnly: true
- name: tun
mountPath: /dev/net/tun
resources:
requests:
cpu: 50m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
livenessProbe:
httpGet:
path: /v1/vpn/status
port: 8000
initialDelaySeconds: 30
periodSeconds: 60
timeoutSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /v1/vpn/status
port: 8000
initialDelaySeconds: 10
periodSeconds: 60
timeoutSeconds: 5
- name: qbittorrent
image: lscr.io/linuxserver/qbittorrent
ports:
- containerPort: 8080
name: http
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: TZ
value: "America/Vancouver"
- name: WEBUI_PORT
value: "8080"
volumeMounts:
- name: config
mountPath: /config
- name: data
mountPath: /mnt/data
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 2
memory: 2Gi
volumes:
- name: config
persistentVolumeClaim:
claimName: qbittorrent-config
- name: data
nfs:
server: 192.168.27.2
path: /data
- name: wireguard-config
secret:
secretName: wireguard-config
- name: tun
hostPath:
path: /dev/net/tun
type: CharDevice
---
apiVersion: v1
kind: Service
metadata:
name: qbittorrent
namespace: media
labels:
app: qbittorrent
spec:
selector:
app: qbittorrent
ports:
- port: 8080
targetPort: 8080
protocol: TCP
name: http

90
nix/homelab/kustomize/media/radarr.yaml Normal file
View File

@@ -0,0 +1,90 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: radarr-config
namespace: media
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: radarr
namespace: media
labels:
app: radarr
spec:
replicas: 1
selector:
matchLabels:
app: radarr
template:
metadata:
labels:
app: radarr
spec:
containers:
- name: radarr
image: lscr.io/linuxserver/radarr
ports:
- containerPort: 7878
name: http
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: TZ
value: "America/Vancouver"
volumeMounts:
- name: config
mountPath: /config
- name: data
mountPath: /mnt/data
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 1
memory: 1Gi
livenessProbe:
httpGet:
path: /ping
port: 7878
initialDelaySeconds: 30
periodSeconds: 30
readinessProbe:
httpGet:
path: /ping
port: 7878
initialDelaySeconds: 10
periodSeconds: 10
volumes:
- name: config
persistentVolumeClaim:
claimName: radarr-config
- name: data
nfs:
server: 192.168.27.2
path: /data
---
apiVersion: v1
kind: Service
metadata:
name: radarr
namespace: media
labels:
app: radarr
spec:
selector:
app: radarr
ports:
- port: 7878
targetPort: 7878
protocol: TCP
name: http

98
nix/homelab/kustomize/media/sonarr.yaml Normal file
View File

@@ -0,0 +1,98 @@
apiVersion: v1
kind: Namespace
metadata:
name: media
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: sonarr-config
namespace: media
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: sonarr
namespace: media
labels:
app: sonarr
spec:
replicas: 1
selector:
matchLabels:
app: sonarr
template:
metadata:
labels:
app: sonarr
spec:
containers:
- name: sonarr
image: lscr.io/linuxserver/sonarr
securityContext:
runAsUser: 0
runAsGroup: 0
ports:
- containerPort: 8989
name: http
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: TZ
value: "America/Vancouver"
volumeMounts:
- name: config
mountPath: /config
- name: data
mountPath: /mnt/data
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 1
memory: 1Gi
livenessProbe:
httpGet:
path: /ping
port: 8989
initialDelaySeconds: 30
periodSeconds: 30
readinessProbe:
httpGet:
path: /ping
port: 8989
initialDelaySeconds: 10
periodSeconds: 10
volumes:
- name: config
persistentVolumeClaim:
claimName: sonarr-config
- name: data
nfs:
server: 192.168.27.2
path: /data
---
apiVersion: v1
kind: Service
metadata:
name: sonarr
namespace: media
labels:
app: sonarr
spec:
selector:
app: sonarr
ports:
- port: 8989
targetPort: 8989
protocol: TCP
name: http

24
nix/homelab/kustomize/metallb/pool.yaml
View File

@@ -5,17 +5,7 @@ metadata:
namespace: metallb-system namespace: metallb-system
spec: spec:
addresses: addresses:
- 192.168.18.31-192.168.18.61 - 192.168.27.12-192.168.27.30
---
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: rufus-pool
namespace: metallb-system
spec:
addresses:
- 192.168.27.10-192.168.27.30
autoAssign: false
--- ---
apiVersion: metallb.io/v1beta1 apiVersion: metallb.io/v1beta1
kind: L2Advertisement kind: L2Advertisement
@@ -25,15 +15,3 @@ metadata:
spec: spec:
ipAddressPools: ipAddressPools:
- pool - pool
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: rufus-advertisement
namespace: metallb-system
spec:
ipAddressPools:
- rufus-pool
nodeSelectors:
- matchLabels:
kubernetes.io/hostname: rufus

263
nix/homelab/kustomize/routes.yaml Normal file
View File

@@ -0,0 +1,263 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: gitea
namespace: git
spec:
parentRefs:
- name: traefik-gateway
namespace: kube-system
hostnames:
- git.lucalise.ca
rules:
- backendRefs:
- name: gitea-http
port: 3000
---
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: gitea-ssh
namespace: git
spec:
entryPoints:
- ssh
routes:
- match: HostSNI(`*`)
services:
- name: gitea-ssh
port: 22
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: home-assistant
namespace: home
spec:
parentRefs:
- name: traefik-gateway
namespace: kube-system
hostnames:
- home-assistant.lucalise.ca
rules:
- backendRefs:
- name: home-assistant
port: 8080
filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: private-networks
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: sonarr
namespace: media
spec:
parentRefs:
- name: traefik-gateway
namespace: kube-system
hostnames:
- sonarr.lucalise.ca
rules:
- backendRefs:
- name: sonarr
port: 8989
filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: private-networks
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: longhorn
namespace: longhorn-system
spec:
parentRefs:
- name: traefik-gateway
namespace: kube-system
hostnames:
- storage.lucalise.ca
rules:
- backendRefs:
- name: longhorn-frontend
port: 80
filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: private-networks
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: pihole
namespace: pihole-system
spec:
parentRefs:
- name: traefik-gateway
namespace: kube-system
hostnames:
- pihole.lucalise.ca
rules:
- backendRefs:
- name: pihole-web
port: 80
filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: private-networks
---
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: minecraft-router
namespace: minecraft
spec:
entryPoints:
- minecraft
routes:
- match: HostSNI(`*`)
services:
- name: minecraft-router-mc-router
port: 25565
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: prowlarr
namespace: media
spec:
parentRefs:
- name: traefik-gateway
namespace: kube-system
hostnames:
- prowlarr.lucalise.ca
rules:
- backendRefs:
- name: prowlarr
port: 9696
filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: private-networks
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: radarr
namespace: media
spec:
parentRefs:
- name: traefik-gateway
namespace: kube-system
hostnames:
- radarr.lucalise.ca
rules:
- backendRefs:
- name: radarr
port: 7878
filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: private-networks
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: qbittorrent
namespace: media
spec:
parentRefs:
- name: traefik-gateway
namespace: kube-system
hostnames:
- qbit.lucalise.ca
rules:
- backendRefs:
- name: qbittorrent
port: 8080
filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: private-networks
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: flaresolverr
namespace: media
spec:
parentRefs:
- name: traefik-gateway
namespace: kube-system
hostnames:
- flare.lucalise.ca
rules:
- backendRefs:
- name: flaresolverr
port: 8191
filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: private-networks
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: jellyfin
namespace: media
spec:
parentRefs:
- name: traefik-gateway
namespace: kube-system
hostnames:
- media.lucalise.ca
rules:
- backendRefs:
- name: jellyfin
port: 8096
filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: private-networks
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: grafana
namespace: monitoring
spec:
parentRefs:
- name: traefik-gateway
namespace: kube-system
hostnames:
- grafana.lucalise.ca
rules:
- backendRefs:
- name: prometheus-stack-grafana
port: 80
filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: private-networks

272
nix/homelab/kustomize/routes/consul-media.yaml
View File

@@ -1,272 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: bazarr
namespace: media
spec:
ports:
- port: 6767
targetPort: 6767
protocol: TCP
---
apiVersion: v1
kind: Endpoints
metadata:
name: bazarr
namespace: media
subsets:
- addresses:
- ip: 192.168.20.20
ports:
- port: 6767
protocol: TCP
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: bazarr
namespace: media
spec:
parentRefs:
- name: traefik-gateway
namespace: kube-system
hostnames:
- "bazarr.lucalise.ca"
rules:
- backendRefs:
- name: bazarr
port: 6767
---
apiVersion: v1
kind: Service
metadata:
name: prowlarr
namespace: media
spec:
ports:
- port: 9696
targetPort: 9696
protocol: TCP
---
apiVersion: v1
kind: Endpoints
metadata:
name: prowlarr
namespace: media
subsets:
- addresses:
- ip: 192.168.20.17
ports:
- port: 9696
protocol: TCP
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: prowlarr
namespace: media
spec:
parentRefs:
- name: traefik-gateway
namespace: kube-system
hostnames:
- "prowlarr.lucalise.ca"
rules:
- backendRefs:
- name: prowlarr
port: 9696
---
apiVersion: v1
kind: Service
metadata:
name: radarr
namespace: media
spec:
ports:
- port: 7878
targetPort: 7878
protocol: TCP
---
apiVersion: v1
kind: Endpoints
metadata:
name: radarr
namespace: media
subsets:
- addresses:
- ip: 192.168.20.15
ports:
- port: 7878
protocol: TCP
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: radarr
namespace: media
spec:
parentRefs:
- name: traefik-gateway
namespace: kube-system
hostnames:
- "radarr.lucalise.ca"
rules:
- backendRefs:
- name: radarr
port: 7878
---
apiVersion: v1
kind: Service
metadata:
name: sonarr
namespace: media
spec:
ports:
- port: 8989
targetPort: 8989
protocol: TCP
---
apiVersion: v1
kind: Endpoints
metadata:
name: sonarr
namespace: media
subsets:
- addresses:
- ip: 192.168.20.16
ports:
- port: 8989
protocol: TCP
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: sonarr
namespace: media
spec:
parentRefs:
- name: traefik-gateway
namespace: kube-system
hostnames:
- "sonarr.lucalise.ca"
rules:
- backendRefs:
- name: sonarr
port: 8989
---
apiVersion: v1
kind: Service
metadata:
name: qbittorrent
namespace: media
spec:
ports:
- port: 8090
targetPort: 8090
protocol: TCP
---
apiVersion: v1
kind: Endpoints
metadata:
name: qbittorrent
namespace: media
subsets:
- addresses:
- ip: 192.168.20.6
ports:
- port: 8090
protocol: TCP
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: qbittorrent
namespace: media
spec:
parentRefs:
- name: traefik-gateway
namespace: kube-system
hostnames:
- "qbit.lucalise.ca"
rules:
- backendRefs:
- name: qbittorrent
port: 8090
---
apiVersion: v1
kind: Service
metadata:
name: flaresolverr
namespace: media
spec:
ports:
- port: 8191
targetPort: 8191
protocol: TCP
---
apiVersion: v1
kind: Endpoints
metadata:
name: flaresolverr
namespace: media
subsets:
- addresses:
- ip: 192.168.20.4
ports:
- port: 8191
protocol: TCP
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: flaresolverr
namespace: media
spec:
parentRefs:
- name: traefik-gateway
namespace: kube-system
hostnames:
- "flare.lucalise.ca"
rules:
- backendRefs:
- name: flaresolverr
port: 8191
---
apiVersion: v1
kind: Service
metadata:
name: jellyfin
namespace: media
spec:
ports:
- port: 8096
targetPort: 8096
protocol: TCP
---
apiVersion: v1
kind: Endpoints
metadata:
name: jellyfin
namespace: media
subsets:
- addresses:
- ip: 192.168.20.2
ports:
- port: 8096
protocol: TCP
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: jellyfin
namespace: media
spec:
parentRefs:
- name: traefik-gateway
namespace: kube-system
hostnames:
- "media.lucalise.ca"
rules:
- backendRefs:
- name: jellyfin
port: 8096

43
nix/homelab/kustomize/routes/consul-vaultwarden.yaml
View File

@@ -1,43 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: vaultwarden
---
apiVersion: v1
kind: Service
metadata:
name: vaultwarden
namespace: vaultwarden
spec:
ports:
- port: 8000
targetPort: 8000
protocol: TCP
---
apiVersion: v1
kind: Endpoints
metadata:
name: vaultwarden
namespace: vaultwarden
subsets:
- addresses:
- ip: 192.168.20.22
ports:
- port: 8000
protocol: TCP
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: vaultwarden
namespace: vaultwarden
spec:
parentRefs:
- name: traefik-gateway
namespace: kube-system
hostnames:
- "vault.lucalise.ca"
rules:
- backendRefs:
- name: vaultwarden
port: 8000

15
nix/homelab/kustomize/routes/gitea/http.yaml
View File

@@ -1,15 +0,0 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: gitea
namespace: git
spec:
parentRefs:
- name: traefik-gateway
namespace: kube-system
hostnames:
- "git.lucalise.ca"
rules:
- backendRefs:
- name: gitea-http
port: 3000

13
nix/homelab/kustomize/routes/gitea/ssh.yaml
View File

@@ -1,13 +0,0 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: gitea-ssh
namespace: git
spec:
entryPoints:
- ssh
routes:
- match: HostSNI(`*`)
services:
- name: gitea-ssh
port: 22

21
nix/homelab/kustomize/routes/home-assistant.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: home-assistant
namespace: home
spec:
parentRefs:
- name: traefik-gateway
namespace: kube-system
hostnames:
- "home-assistant.lucalise.ca"
rules:
- filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: private-networks
backendRefs:
- name: home-assistant
port: 8080

21
nix/homelab/kustomize/routes/longhorn.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: longhorn
namespace: longhorn-system
spec:
parentRefs:
- name: traefik-gateway
namespace: kube-system
hostnames:
- "storage.lucalise.ca"
rules:
- filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: private-networks
backendRefs:
- name: longhorn-frontend
port: 80

13
nix/homelab/kustomize/routes/minecraft.yaml
View File

@@ -1,13 +0,0 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: minecraft-router
namespace: minecraft
spec:
entryPoints:
- minecraft
routes:
- match: HostSNI(`*`)
services:
- name: minecraft-router-mc-router
port: 25565

21
nix/homelab/kustomize/routes/pihole.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: pihole
namespace: pihole-system
spec:
parentRefs:
- name: traefik-gateway
namespace: kube-system
hostnames:
- "pihole.lucalise.ca"
rules:
- filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: private-networks
backendRefs:
- name: pihole-web
port: 80

24
nix/homelab/kustomize/traefik/chains.yaml
View File

@@ -24,9 +24,31 @@ apiVersion: traefik.io/v1alpha1
kind: Middleware kind: Middleware
metadata: metadata:
name: private-networks name: private-networks
namespace: pihole-system namespace: media
spec: spec:
chain: chain:
middlewares: middlewares:
- name: private-networks - name: private-networks
namespace: kube-system namespace: kube-system
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: private-networks
namespace: monitoring
spec:
chain:
middlewares:
- name: private-networks
namespace: kube-system
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: private-networks
namespace: pihole-system
spec:
chain:
middlewares:
- name: private-networks
namespace: kube-system

2
nix/homelab/kustomize/traefik/config.yaml
View File

@@ -9,8 +9,6 @@ spec:
kubernetes.io/hostname: rufus kubernetes.io/hostname: rufus
service: service:
annotations:
metallb.universe.tf/address-pool: rufus-pool
spec: spec:
externalTrafficPolicy: Local externalTrafficPolicy: Local

6
nix/homelab/nodes/kube/configuration.nix
View File

@@ -20,12 +20,6 @@
networking.hostName = meta.hostname; networking.hostName = meta.hostname;
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
networking.firewall.extraCommands = ''
iptables -I INPUT -d 192.168.27.10/32 -s 10.0.0.0/8 -j ACCEPT
iptables -I INPUT -d 192.168.27.10/32 -s 172.16.0.0/12 -j ACCEPT
iptables -I INPUT -d 192.168.27.10/32 -s 192.168.0.0/16 -j ACCEPT
iptables -I INPUT -d 192.168.27.10/32 -j DROP
'';
time.timeZone = "America/Vancouver"; time.timeZone = "America/Vancouver";

2
nix/homelab/nodes/kube/hardware-configuration.nix
View File

@@ -8,7 +8,7 @@
[ (modulesPath + "/installer/scan/not-detected.nix") [ (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];

1
nix/homelab/scripts/generate-chains.sh
View File

@@ -6,6 +6,7 @@ NAMESPACES=(
"home" "home"
"longhorn-system" "longhorn-system"
"pihole-system" "pihole-system"
"media"
) )
OUTPUT_FILE="kustomize/traefik/chains.yaml" OUTPUT_FILE="kustomize/traefik/chains.yaml"

155
nix/homelab/scripts/generate-routes.sh Executable file
View File

@@ -0,0 +1,155 @@
#!/usr/bin/env bash
set -e
# Route definitions: name:hostname:port:protocol:private
# - name: service name (required)
# - hostname: custom hostname, use '-' for default (name.lucalise.ca)
# - port: service port (required)
# - protocol: TCP (default) or UDP
# - private: true/false (default false) - adds private-networks middleware
ROUTES=(
"sonarr:-:8989:TCP:true"
"radarr:-:7878:TCP:true"
"prowlarr:-:9696:TCP:true"
"bazarr:-:6767:TCP:true"
"jellyfin:media:8096:TCP:false"
"home-assistant:-:8123:TCP:true"
)
DOMAIN="lucalise.ca"
OUTPUT_DIR="kustomize/routes"
generate_http_route() {
local name="$1"
local hostname="$2"
local port="$3"
local protocol="$4"
local private="$5"
if [[ -z "$hostname" || "$hostname" == "-" ]]; then
hostname="$name"
fi
if [[ -z "$protocol" ]]; then
protocol="TCP"
fi
if [[ -z "$private" ]]; then
private="false"
fi
local fqdn="${hostname}.${DOMAIN}"
local filters_section=""
if [[ "$private" == "true" ]]; then
filters_section=" - filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: private-networks
backendRefs:"
else
filters_section=" - backendRefs:"
fi
cat <<EOF
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: ${name}
namespace: media
spec:
parentRefs:
- name: traefik-gateway
namespace: kube-system
hostnames:
- "${fqdn}"
rules:
${filters_section}
- name: ${name}
port: ${port}
EOF
}
write_kustomization() {
local kustomization_file="${OUTPUT_DIR}/../kustomization.yaml"
local temp_file=$(mktemp)
# Collect new route paths
local route_paths=()
for route in "${ROUTES[@]}"; do
IFS=':' read -r name _ _ _ _ <<< "$route"
route_paths+=(" - ./routes/${name}.yaml")
done
local in_resources=false
local resources_written=false
while IFS= read -r line; do
# Detect resources section
if [[ "$line" == "resources:" ]]; then
in_resources=true
echo "$line" >> "$temp_file"
continue
fi
# If in resources section
if [[ "$in_resources" == true ]]; then
# Check if line is a resource entry (starts with " - ")
if [[ "$line" =~ ^[[:space:]]*-[[:space:]] ]]; then
# Skip route entries, keep everything else
if [[ "$line" =~ \./routes/ ]]; then
continue
else
echo "$line" >> "$temp_file"
fi
else
# End of resources section - write new routes before moving on
if [[ "$resources_written" == false ]]; then
for route_path in "${route_paths[@]}"; do
echo "$route_path" >> "$temp_file"
done
resources_written=true
fi
in_resources=false
echo "$line" >> "$temp_file"
fi
else
echo "$line" >> "$temp_file"
fi
done < "$kustomization_file"
# If file ended while still in resources section, write routes now
if [[ "$in_resources" == true && "$resources_written" == false ]]; then
for route_path in "${route_paths[@]}"; do
echo "$route_path" >> "$temp_file"
done
fi
mv "$temp_file" "$kustomization_file"
echo "Updated ${kustomization_file} with ${#route_paths[@]} routes"
}
main() {
mkdir -p "${OUTPUT_DIR}"
for route in "${ROUTES[@]}"; do
IFS=':' read -r name hostname port protocol private <<< "$route"
echo "Generating route for ${name}..."
output_file="${OUTPUT_DIR}/${name}.yaml"
generate_http_route "$name" "$hostname" "$port" "$protocol" "$private" > "$output_file"
echo " -> ${output_file}"
done
echo ""
write_kustomization
echo ""
echo "Done! Generated ${#ROUTES[@]} routes."
}
main "$@"

11
nix/homelab/src/commands.rs Normal file
View File

@@ -0,0 +1,11 @@
pub mod generate_routes;
use clap::Subcommand;
#[derive(Subcommand, Debug)]
pub enum Commands {
/// generate gateway api routes
GenerateRoutes,
/// sync dns records with pi-hole
SyncDNS,
}

171
nix/homelab/src/commands/generate_routes.rs Normal file
View File

@@ -0,0 +1,171 @@
use std::collections::BTreeSet;
use serde::{Deserialize, Serialize};
use crate::{Config, HelperError};
#[derive(Serialize, Deserialize, Default, Debug, Clone)]
pub struct Route {
#[serde(default)]
kind: RouteKind,
name: String,
hostname: Option<String>,
entrypoint: Option<String>,
namespace: String,
service: Option<String>,
port: i16,
private: bool,
}
impl Route {
fn hostname(&self) -> &str {
self.hostname.as_ref().unwrap_or(&self.name)
}
}
#[derive(Serialize, Deserialize, Default, Debug, Clone)]
enum RouteKind {
#[default]
HTTP,
TCP,
}
pub fn generate_routes(config: &Config) -> Result<(), HelperError> {
let routes = config.routes.iter().enumerate().try_fold(
String::new(),
|mut acc, (i, r)| -> Result<_, HelperError> {
if i > 0 {
acc.push_str("\n---\n");
}
acc.push_str(&generate_route(r)?);
Ok(acc)
},
)?;
let chains = generate_chains(&config.routes);
std::fs::write("kustomize/routes.yaml", &routes)?;
std::fs::write("kustomize/traefik/chains.yaml", &chains)?;
println!("Wrote: {}", routes);
Ok(())
}
fn generate_route(route: &Route) -> Result<String, HelperError> {
Ok(match route.kind {
RouteKind::HTTP => generate_http_route(route),
RouteKind::TCP => generate_tcp_route(route)?,
})
}
fn generate_chains(routes: &[Route]) -> String {
let namespaces = routes
.iter()
.filter_map(|r| {
if !r.private {
return None;
}
Some(r.namespace.as_str())
})
.collect::<BTreeSet<_>>();
namespaces
.iter()
.enumerate()
.fold(String::new(), |mut acc, (i, n)| {
if i > 0 {
acc.push_str("\n---\n");
}
acc.push_str(&format!(
r#"apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: private-networks
namespace: {}
spec:
chain:
middlewares:
- name: private-networks
namespace: kube-system"#,
n
));
acc
})
}
fn generate_http_route(route: &Route) -> String {
let mut filters_section = String::new();
if route.private {
filters_section = format!(
r#"
filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: private-networks"#
);
};
format!(
r#"apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: {}
namespace: {}
spec:
parentRefs:
- name: traefik-gateway
namespace: kube-system
hostnames:
- {}.lucalise.ca
rules:
- backendRefs:
- name: {}
port: {}{}"#,
route.name,
route.namespace,
route.hostname(),
route.service.as_ref().unwrap_or_else(|| &route.name),
route.port,
filters_section
)
.trim_end()
.to_string()
}
fn generate_tcp_route(route: &Route) -> Result<String, HelperError> {
let mut middlewares_section = String::new();
if route.private {
middlewares_section = format!(
r#"
middlewares:
- name: private-networks"#
);
}
Ok(format!(
r#"apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: {}
namespace: {}
spec:
entryPoints:
- {}
routes:
- match: HostSNI(`*`){}
services:
- name: {}
port: {}"#,
route.name,
route.namespace,
route
.entrypoint
.as_ref()
.ok_or(HelperError::TCPEntryPoint(route.name.clone()))?,
middlewares_section,
route.service.as_ref().unwrap_or_else(|| &route.name),
route.port
)
.trim_end()
.to_string())
}

20
nix/homelab/src/dns.rs Normal file
View File

@@ -0,0 +1,20 @@
use crate::{
error::Result,
lease_parser::{Lease, parse_leases},
transport::Transport,
};
pub struct Router<T: Transport> {
transport: T,
}
impl<T: Transport> Router<T> {
pub fn new(transport: T) -> Self {
Self { transport }
}
pub fn dhcp_leases(&self, resource: &str) -> Result<Vec<Lease>> {
let raw = self.transport.fetch(resource)?;
parse_leases(&raw).map_err(|e| crate::error::Error::Parse(e.to_string()))
}
}

15
nix/homelab/src/error.rs Normal file
View File

@@ -0,0 +1,15 @@
use thiserror::Error;
#[derive(Debug, Error)]
pub enum Error {
#[error("SSH error: {0}")]
SSH(#[from] ssh2::Error),
#[error("parse error: {0}")]
Parse(String),
#[error("IO error: {0}")]
IO(#[from] std::io::Error),
#[error("command return non 0 exit code: {0}")]
ExitCode(i32),
}
pub type Result<T> = std::result::Result<T, Error>;

146
nix/homelab/src/lease_parser.rs Normal file
View File

@@ -0,0 +1,146 @@
use std::net::IpAddr;
use nom::{
IResult, Parser,
branch::alt,
bytes::complete::{tag, take_till, take_until, take_while1},
character::complete::{char, digit1, multispace1, space0, space1},
combinator::{map, map_res, value},
multi::many0,
sequence::{delimited, preceded, terminated},
};
#[derive(Debug, Clone, PartialEq)]
pub struct Lease {
pub ip: IpAddr,
pub binding_state: BindingState,
pub client_hostname: Option<String>,
}
#[allow(dead_code)]
#[derive(Debug, Clone, PartialEq)]
pub enum BindingState {
Active,
Free,
Abandoned,
Backup,
}
#[allow(dead_code)]
#[derive(Debug, Clone)]
enum LeaseField {
BindingState(BindingState),
ClientHostname(String),
Other,
}
fn ws(input: &str) -> IResult<&str, ()> {
value(
(),
many0(alt((
value((), multispace1),
value((), (tag("#"), take_until("\n"), tag("\n"))),
))),
)
.parse(input)
}
fn parse_ip(input: &str) -> IResult<&str, IpAddr> {
map_res(
take_while1(|c: char| c.is_ascii_digit() || c == '.'),
str::parse,
)
.parse(input)
}
fn parse_field(input: &str) -> IResult<&str, LeaseField> {
alt((
map(
preceded(
(tag("client-hostname"), space1),
terminated(
delimited(char('"'), take_until("\""), char('"')),
(space0, char(';')),
),
),
|h: &str| LeaseField::ClientHostname(h.to_string()),
),
map(
preceded(
(tag("binding"), space1, tag("state"), space1),
terminated(
alt((
value(BindingState::Active, tag("active")),
value(BindingState::Free, tag("free")),
value(BindingState::Abandoned, tag("abandoned")),
value(BindingState::Backup, tag("backup")),
)),
(space0, char(';')),
),
),
LeaseField::BindingState,
),
value(
LeaseField::Other,
preceded(
(tag("uid"), space1),
terminated(
delimited(char('"'), take_until("\""), char('"')),
(space0, char(';')),
),
),
),
value(
LeaseField::Other,
(take_till(|c| c == ';' || c == '}'), char(';')),
),
))
.parse(input)
}
pub fn parse_lease(input: &str) -> IResult<&str, Lease> {
let (input, _) = ws(input)?;
let (input, _) = tag("lease").parse(input)?;
let (input, _) = space1(input)?;
let (input, ip) = parse_ip(input)?;
let (input, _) = space0(input)?;
let (input, _) = char('{').parse(input)?;
let (input, _) = ws(input)?;
let (input, fields) = many0(terminated(parse_field, ws)).parse(input)?;
let (input, _) = char('}').parse(input)?;
let (input, _) = ws(input)?;
let mut lease = Lease {
ip,
binding_state: BindingState::Free,
client_hostname: None,
};
for field in fields {
match field {
LeaseField::BindingState(s) => lease.binding_state = s,
LeaseField::ClientHostname(h) => lease.client_hostname = Some(h),
LeaseField::Other => {}
}
}
Ok((input, lease))
}
pub fn parse_leases(input: &str) -> Result<Vec<Lease>, nom::Err<nom::error::Error<&str>>> {
let mut leases = Vec::new();
let Some(start) = input.find("\nlease ") else {
return Ok(leases);
};
let mut remaining = &input[start..];
while !remaining.is_empty() {
let (rest, lease) = parse_lease(remaining)?;
leases.push(lease);
remaining = rest;
}
Ok(leases)
}

80
nix/homelab/src/main.rs Normal file
View File

@@ -0,0 +1,80 @@
mod commands;
mod dns;
mod error;
mod lease_parser;
mod transport;
use std::path::Path;
use anyhow::Context;
use clap::{CommandFactory, Parser};
use serde::{Deserialize, Serialize};
use thiserror::Error;
use crate::{
commands::{
Commands,
generate_routes::{Route, generate_routes},
},
dns::Router,
lease_parser::{BindingState, Lease},
transport::SSHTransport,
};
#[derive(Parser, Debug)]
#[command(version = "0.1.0", about = "Helper for k3s", long_about = None)]
struct Cli {
#[command(subcommand)]
command: Option<Commands>,
}
#[derive(Debug, Error)]
pub enum HelperError {
#[error("error reading file")]
ReadFile(#[from] std::io::Error),
#[error("error parsing config toml")]
TomlError(#[from] toml::de::Error),
#[error("entrypoint required for tcproute: {0:?}")]
TCPEntryPoint(String),
}
#[derive(Serialize, Deserialize)]
pub struct Config {
routes: Vec<Route>,
}
pub fn parse_config<T: AsRef<Path>>(path: T) -> anyhow::Result<Config> {
let bytes = std::fs::read(&path).context(format!(
"failed to read config file: {}",
path.as_ref().display()
))?;
Ok(toml::from_slice::<Config>(&bytes)?)
}
fn main() -> anyhow::Result<()> {
let cli = Cli::parse();
match &cli.command {
Some(Commands::GenerateRoutes {}) => {
let config = parse_config("./config.toml")?;
generate_routes(&config)?;
}
Some(Commands::SyncDNS {}) => {
let r = Router::new(SSHTransport::new("192.168.15.1:22")?);
let leases = r
.dhcp_leases("/var/dhcpd/var/db/dhcpd.leases")?
.into_iter()
.filter(|l| {
if !(l.binding_state == BindingState::Active && l.client_hostname.is_some()) {
return false;
}
true
})
.collect::<Vec<Lease>>();
println!("{:#?}", leases);
}
None => Cli::command().print_long_help()?,
}
Ok(())
}

9
nix/homelab/src/transport.rs Normal file
View File

@@ -0,0 +1,9 @@
mod ssh;
pub use ssh::SSHTransport;
use crate::error::Result;
pub trait Transport {
fn fetch(&self, resource: &str) -> Result<String>;
}

46
nix/homelab/src/transport/ssh.rs Normal file
View File

@@ -0,0 +1,46 @@
use std::{io::Read, net::TcpStream, path::Path};
use ssh2::Session;
use crate::{error::Result, transport::Transport};
pub struct SSHTransport {
session: Session,
}
impl SSHTransport {
pub fn new(host: &str) -> Result<Self> {
let stream = TcpStream::connect(host)?;
let mut s = Self {
session: Session::new()?,
};
s.session.set_tcp_stream(stream);
s.session.handshake()?;
s.session.userauth_pubkey_file(
"luca",
None,
Path::new("/home/luca/.ssh/id_ed25519"),
None,
)?;
Ok(s)
}
}
impl Transport for SSHTransport {
fn fetch(&self, resource: &str) -> Result<String> {
let mut channel = self.session.channel_session()?;
channel.exec(&format!("cat {}", resource))?;
let mut output = String::new();
channel.read_to_string(&mut output)?;
channel.wait_close()?;
let c = channel.exit_status()?;
if c != 0 {
return Err(crate::error::Error::ExitCode(c));
}
Ok(output)
}
}

2
nix/modules/commonPackages.nix
View File

@@ -76,6 +76,8 @@
kubectl kubectl
kubernetes-helm kubernetes-helm
helmfile helmfile
jless
fd
]; ];
programs.nix-ld.enable = lib.mkDefault true; programs.nix-ld.enable = lib.mkDefault true;
programs.zsh.enable = lib.mkDefault true; programs.zsh.enable = lib.mkDefault true;

5
nix/users/luca/zsh.nix
View File

@@ -23,8 +23,6 @@ in
export PATH="$GOBIN:$PATH" export PATH="$GOBIN:$PATH"
export PATH="$HOME/.cache/.bun/bin:$PATH" export PATH="$HOME/.cache/.bun/bin:$PATH"
alias cat="bat" alias cat="bat"
alias k="kubectl"
alias ka="kubectl get --all-namespaces"
'' ''
+ "\n" + "\n"
+ aliases; + aliases;
@@ -32,6 +30,9 @@ in
enable = true; enable = true;
plugins = [ plugins = [
"git" "git"
"rust"
"kubectl"
"helm"
]; ];
}; };
plugins = [ plugins = [