From 56e28b1b47f555f44a7905486927c09e3dca6242 Mon Sep 17 00:00:00 2001 
From: j Date: Sat, 5 Jul 2025 22:23:09 +1000 Subject: [PATCH 1/5] Bit of a .. rewrite. --- charts/dns/Chart.yaml | 5 - charts/dns/templates/clusterrole.yaml | 32 ---- charts/dns/templates/external-dns.yaml | 38 ----- charts/dns/templates/master.yaml | 136 ----------------- environments/dev.yaml | 28 ++++ environments/kustomization.yaml | 6 + environments/prod.yaml | 28 ++++ home-server/Chart.yaml | 9 -- home-server/values.yaml | 24 --- old-manifests/Chart.yaml | 41 ------ old-manifests/templates/ai/namespace.yaml | 5 - old-manifests/templates/ai/openwebui.yaml | 72 --------- old-manifests/templates/auth/authentik.yaml | 49 ------ old-manifests/templates/auth/namespace.yaml | 5 - old-manifests/templates/dns/Chart.yaml | 4 - old-manifests/templates/dns/bind-master.yaml | 139 ------------------ old-manifests/templates/dns/externaldns.yaml | 74 ---------- old-manifests/templates/dns/namespace.yaml | 5 - old-manifests/templates/files/namespace.yaml | 5 - old-manifests/templates/files/nextcloud.yaml | 137 ----------------- old-manifests/templates/media/namespace.yaml | 5 - .../templates/monitoring/grafana.yaml | 37 ----- old-manifests/templates/monitoring/loki.yaml | 33 ----- .../templates/monitoring/namespace.yaml | 5 - .../templates/monitoring/prometheus.yaml | 40 ----- .../templates/monitoring/provider.yaml | 22 --- old-manifests/templates/remote/namespace.yaml | 5 - old-manifests/templates/remote/rustdesk.yaml | 72 --------- old-manifests/templates/social/namespace.yaml | 5 - old-manifests/templates/sync/linkwarden.yaml | 60 -------- old-manifests/templates/sync/namespace.yaml | 5 - old-manifests/templates/sync/syncthing.yaml | 104 ------------- old-manifests/templates/sync/vaultwarden.yaml | 100 ------------- old-manifests/templates/util/Chart.yaml | 4 - .../util/templates/00-namespace.yaml | 5 - .../util/templates/10-replicator.yaml | 98 ------------ .../util/templates/20-certmanager.yaml | 72 --------- .../templates/util/templates/20-mariadb.yaml | 60 -------- 
old-manifests/values.yaml | 24 --- 39 files changed, 62 insertions(+), 1536 deletions(-) delete mode 100644 charts/dns/Chart.yaml delete mode 100644 charts/dns/templates/clusterrole.yaml delete mode 100644 charts/dns/templates/external-dns.yaml delete mode 100644 charts/dns/templates/master.yaml create mode 100644 environments/dev.yaml create mode 100644 environments/kustomization.yaml create mode 100644 environments/prod.yaml delete mode 100644 home-server/Chart.yaml delete mode 100644 home-server/values.yaml delete mode 100644 old-manifests/Chart.yaml delete mode 100644 old-manifests/templates/ai/namespace.yaml delete mode 100644 old-manifests/templates/ai/openwebui.yaml delete mode 100644 old-manifests/templates/auth/authentik.yaml delete mode 100644 old-manifests/templates/auth/namespace.yaml delete mode 100644 old-manifests/templates/dns/Chart.yaml delete mode 100644 old-manifests/templates/dns/bind-master.yaml delete mode 100644 old-manifests/templates/dns/externaldns.yaml delete mode 100644 old-manifests/templates/dns/namespace.yaml delete mode 100644 old-manifests/templates/files/namespace.yaml delete mode 100644 old-manifests/templates/files/nextcloud.yaml delete mode 100644 old-manifests/templates/media/namespace.yaml delete mode 100644 old-manifests/templates/monitoring/grafana.yaml delete mode 100644 old-manifests/templates/monitoring/loki.yaml delete mode 100644 old-manifests/templates/monitoring/namespace.yaml delete mode 100644 old-manifests/templates/monitoring/prometheus.yaml delete mode 100644 old-manifests/templates/monitoring/provider.yaml delete mode 100644 old-manifests/templates/remote/namespace.yaml delete mode 100644 old-manifests/templates/remote/rustdesk.yaml delete mode 100644 old-manifests/templates/social/namespace.yaml delete mode 100644 old-manifests/templates/sync/linkwarden.yaml delete mode 100644 old-manifests/templates/sync/namespace.yaml delete mode 100644 old-manifests/templates/sync/syncthing.yaml delete mode 100644 
old-manifests/templates/sync/vaultwarden.yaml delete mode 100644 old-manifests/templates/util/Chart.yaml delete mode 100644 old-manifests/templates/util/templates/00-namespace.yaml delete mode 100644 old-manifests/templates/util/templates/10-replicator.yaml delete mode 100644 old-manifests/templates/util/templates/20-certmanager.yaml delete mode 100644 old-manifests/templates/util/templates/20-mariadb.yaml delete mode 100644 old-manifests/values.yaml diff --git a/charts/dns/Chart.yaml b/charts/dns/Chart.yaml deleted file mode 100644 index 0c8db9e..0000000 --- a/charts/dns/Chart.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v2 -name: home-server-dns -description: Deploys a master/slave DNS server with External DNS for declaring hostnames with annotations. -version: 0.0.1 diff --git a/charts/dns/templates/clusterrole.yaml b/charts/dns/templates/clusterrole.yaml deleted file mode 100644 index a01f23b..0000000 --- a/charts/dns/templates/clusterrole.yaml +++ /dev/null @@ -1,32 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: external-dns -rules: - - apiGroups: [""] - resources: ["services","endpoints","pods"] - verbs: ["get","watch","list"] - - apiGroups: ["extensions","networking.k8s.io"] - resources: ["ingresses"] - verbs: ["get","watch","list"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["list","watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: external-dns-viewer -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: external-dns -subjects: - - kind: ServiceAccount - name: external-dns ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: external-dns diff --git a/charts/dns/templates/external-dns.yaml b/charts/dns/templates/external-dns.yaml deleted file mode 100644 index 4705370..0000000 --- a/charts/dns/templates/external-dns.yaml +++ /dev/null 
@@ -1,38 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: external-dns -spec: - replicas: 1 - selector: - matchLabels: - app: external-dns - template: - metadata: - labels: - app: external-dns - spec: - serviceAccountName: external-dns - containers: - - name: external-dns - image: bitnami/external-dns:latest - args: - - --source=service - - --source=ingress - - --provider=rfc2136 - - --rfc2136-host=bind-master.dns.svc.cluster.local - - --rfc2136-port=53 - - --rfc2136-zone=hxme.net - - --rfc2136-tsig-secret=$(RFC2136_TSIG_SECRET) - - --rfc2136-tsig-secret-alg=hmac-sha256 - - --rfc2136-tsig-keyname=externaldns-key - - --policy=sync - - --registry=txt - - --txt-owner-id=my-cluster - env: - - name: RFC2136_TSIG_SECRET - valueFrom: - secretKeyRef: - name: dns-secrets - key: externaldns-secret diff --git a/charts/dns/templates/master.yaml b/charts/dns/templates/master.yaml deleted file mode 100644 index aed06f4..0000000 --- a/charts/dns/templates/master.yaml +++ /dev/null 
@@ -1,136 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: bind-master-config -data: - named.conf: | - include "/etc/bind/externaldns-key.conf"; - - options { - directory "/var/cache/bind"; - - recursion yes; - allow-query { any; }; - - listen-on port 53 { any; }; - listen-on-v6 port 53 { any; }; - - forwarders { - 10.40.0.254; - }; - - dnssec-validation auto; - }; - - zone "." IN { - type hint; - file "/usr/share/dns/root.hints"; - }; - - zone "hxme.net." IN { - type master; - file "/etc/bind/db.hxme.net"; - allow-update { key "externaldns-key"; }; - }; - db.hxme.net: | - $TTL 3600 - @ IN SOA ns1.hxme.net. admin.hxme.net. ( - 1 ; Serial - 7200 ; Refresh - 1800 ; Retry - 1209600 ; Expire - 86400 ) ; Negative Cache TTL - ; - @ IN NS ns1.hxme.net. - ns1 IN A 10.40.0.110 - @ IN A 10.40.0.110 - www IN A 10.40.0.110 ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: bind-master -spec: - selector: - matchLabels: - app: bind-master - template: - metadata: - labels: - app: bind-master - spec: - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - securityContext: - fsGroup: 999 - initContainers: - - name: fetch-root-hints - image: debian:12 - command: - - sh - - -c - - | - apt update && apt -y install curl - curl -sfSL https://www.internic.net/domain/named.cache -o /usr/share/dns/root.hints - volumeMounts: - - mountPath: /usr/share/dns - name: root-hints - containers: - - name: bind-master - image: internetsystemsconsortium/bind9:9.18 - command: ["named", "-g", "-c", "/etc/bind/named.conf"] - ports: - - containerPort: 53 - protocol: UDP - - containerPort: 53 - protocol: TCP - volumeMounts: - - name: config - mountPath: /etc/bind/named.conf - subPath: named.conf - - name: config - mountPath: /etc/bind/db.hxme.net - subPath: db.hxme.net - - name: dns-secrets - mountPath: /etc/bind/externaldns-key.conf - subPath: externaldns-key.conf - - name: bind-cache - mountPath: /var/cache/bind - - name: bind-rundir - mountPath: /var/run/named - - name: 
root-hints
- mountPath: /usr/share/dns
- volumes:
- - name: dns-secrets
- secret:
- secretName: dns-secrets
- - name: config
- configMap:
- name: bind-master-config
- - name: bind-cache
- emptyDir: {}
- - name: bind-rundir
- emptyDir: {}
- - name: root-hints
- emptyDir: {}
-
----
-apiVersion: v1
-kind: Service
-metadata:
- name: bind-master
-spec:
- selector:
- app: bind-master
- ports:
- - name: dns-udp
- port: 53
- protocol: UDP
- targetPort: 53
- - name: dns-tcp
- port: 53
- protocol: TCP
- targetPort: 53
-
-
diff --git a/environments/dev.yaml b/environments/dev.yaml
new file mode 100644
index 0000000..ac07858
--- /dev/null
+++ b/environments/dev.yaml
@@ -0,0 +1,28 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: GitRepository
+metadata:
+ name: home-server-dev
+ namespace: flux-system
+spec:
+ interval: 1m
+ url: ssh://git@repobase.net/j/home-server.git
+ secretRef:
+ name: flux-ssh
+ ref:
+ branch: dev
+
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: home-server-dev
+ namespace: flux-system
+spec:
+ interval: 1m
+ path: ./deployments
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-server-dev
+ targetNamespace: home-server-dev
diff --git a/environments/kustomization.yaml b/environments/kustomization.yaml
new file mode 100644
index 0000000..f1be2a5
--- /dev/null
+++ b/environments/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - dev.yaml
+ - prod.yaml
diff --git a/environments/prod.yaml b/environments/prod.yaml
new file mode 100644
index 0000000..83c9673
--- /dev/null
+++ b/environments/prod.yaml
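Review bot: The new GitRepository/Kustomization pair in environments/dev.yaml (and the identical pair in environments/prod.yaml) applies whatever lands on the `dev` branch with kustomize-controller's default cluster-wide privileges, because the Kustomization sets no `serviceAccountName` and the source has no `verify` block; `targetNamespace` rewrites the namespace of namespaced objects but does not stop the manifests from creating cluster-scoped ones (the manifests deleted in this same patch included ClusterRoles and Namespaces). Consider pinning each Kustomization to a service account in flux-system whose RoleBindings cover only its target namespace, and requiring signed commits on the source, as sketched below. The GitRepository also uses `apiVersion: source.toolkit.fluxcd.io/v1beta2` while the sibling Kustomization is already on `v1`; the deleted HelmRepository objects in this patch used `source.toolkit.fluxcd.io/v1`, so the GA `v1` GitRepository API is presumably available and `verify.mode: HEAD` is its spelling. The referenced `flux-ssh` Secret is outside the patch; it needs a `known_hosts` entry alongside the identity so the host key of repobase.net is pinned rather than left to the controller to accept.
```yaml
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
# … unchanged: metadata …
spec:
  # … unchanged: interval, url, secretRef, ref …
  verify:
    mode: HEAD
    secretRef:
      name: PLACEHOLDER_PGP_PUBKEY_SECRET  # placeholder: Secret holding the trusted committer public keys
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
# … unchanged: metadata …
spec:
  # … unchanged: interval, path, prune, sourceRef, targetNamespace …
  serviceAccountName: PLACEHOLDER_SCOPED_SA  # placeholder: SA in flux-system bound only to the target namespace
```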
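Review bot: environments/kustomization.yaml has no `---` document-start line, while the sibling environments/dev.yaml and environments/prod.yaml added in this patch both open with one; add `---` as its first line so the three files share one style.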
@@ -0,0 +1,28 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: GitRepository
+metadata:
+ name: home-server
+ namespace: flux-system
+spec:
+ interval: 1m
+ url: ssh://git@repobase.net/j/home-server.git
+ secretRef:
+ name: flux-ssh
+ ref:
+ branch: main
+
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: home-server
+ namespace: flux-system
+spec:
+ interval: 1m
+ path: ./deployments
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-server
+ targetNamespace: home-server
diff --git a/home-server/Chart.yaml b/home-server/Chart.yaml
deleted file mode 100644
index 2c171b0..0000000
--- a/home-server/Chart.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: v2
-name: home-server
-description: A Helm chart that rolls a curated, functional home server
-version: 0.0.1
-
-dependencies:
- - name: util
- version: 0.0.1
- repository: "file://templates/util"
diff --git a/home-server/values.yaml b/home-server/values.yaml
deleted file mode 100644
index 4bbdba6..0000000
--- a/home-server/values.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-ai:
- enabled: true
-
-dns:
- enabled: false
-
-media:
- enabled: true
-
-monitoring:
- enabled: true
-
-remote:
- enabled: false
-
-social:
- enabled: true
-
-sync:
- enabled: false
-
-util:
- enabled: true
-
diff --git a/old-manifests/Chart.yaml b/old-manifests/Chart.yaml
deleted file mode 100644
index 98f4c4b..0000000
--- a/old-manifests/Chart.yaml
+++ /dev/null
@@ -1,41 +0,0 @@ -apiVersion: v2 -name: home-server -description: A Helm chart that rolls a curated, functional home server -version: 0.0.1 - -dependencies: - - name: util - version: 0.0.1 - repository: "file://templates/util" - - - name: dns - version: 0.0.1 - repository: "file://templates/dns" -# -# - name: files -# version: 0.0.1 -# repository: "file://templates/files" -# -# - name: ai -# version: 0.0.1 -# repository: "file://templates/ai" -# -# - name: media -# version: 0.0.1 -# repository: "file://templates/media" -# -# - name: monitoring -# version: 0.0.1 -# repository: "file://templates/monitoring" -# -# - name: remote -# version: 0.0.1 -# repository: "file://templates/remote" -# -# - name: social -# version: 0.0.1 -# repository: "file://templates/social" -# -# - name: sync -# version: 0.0.1 -# repository: "file://templates/sync" diff --git a/old-manifests/templates/ai/namespace.yaml b/old-manifests/templates/ai/namespace.yaml deleted file mode 100644 index c252dcd..0000000 --- a/old-manifests/templates/ai/namespace.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: ai diff --git a/old-manifests/templates/ai/openwebui.yaml b/old-manifests/templates/ai/openwebui.yaml deleted file mode 100644 index f6ed214..0000000 --- a/old-manifests/templates/ai/openwebui.yaml +++ /dev/null 
@@ -1,72 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: openwebui - namespace: ai -spec: - replicas: 1 - selector: - matchLabels: - app: openwebui - template: - metadata: - labels: - app: openwebui - spec: - containers: - - name: openwebui - image: ghcr.io/open-webui/open-webui:latest - ports: - - containerPort: 8080 - env: - - name: OLLAMA_BASE_URL - value: http://ollama:11434 - volumeMounts: - - name: ai-storage - mountPath: /app/backend/data - volumes: - - name: ai-storage - hostPath: - path: /dpool/files/ai/ - type: Directory ---- -apiVersion: v1 -kind: Service -metadata: - name: openwebui - namespace: ai -spec: - selector: - app: openwebui - ports: - - protocol: TCP - port: 80 - targetPort: 8080 ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: openwebui - namespace: ai - annotations: - kubernetes.io/ingress.class: "traefik" - external-dns.alpha.kubernetes.io/hostname: nc.hxme.net -spec: - rules: - - host: ai.hxme.net - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: openwebui - port: - number: 80 - tls: - - hosts: - - ai.hxme.net - secretName: openwebui-tls - - diff --git a/old-manifests/templates/auth/authentik.yaml b/old-manifests/templates/auth/authentik.yaml deleted file mode 100644 index c1c5b32..0000000 --- a/old-manifests/templates/auth/authentik.yaml +++ /dev/null 
@@ -1,49 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: authentik - namespace: flux-system -spec: - url: https://charts.goauthentik.io/ - interval: 1h ---- -apiVersion: v1 -kind: Secret -metadata: - name: wildcard-hxme-net - namespace: auth - annotations: - replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: authentik - namespace: auth -spec: - interval: 30m - chart: - spec: - chart: authentik - version: 2024.4.2 - sourceRef: - kind: HelmRepository - name: authentik - namespace: flux-system - install: - createNamespace: true - upgrade: - disableWait: false - timeout: 10m - valuesFrom: - - kind: Secret - name: authentik-values - values: - ingress: - annotations: - external-dns.alpha.kubernetes.io/hostname: auth.hxme.net - tls: - - secretName: wildcard-hxme-net - hosts: - - auth.hxme.net diff --git a/old-manifests/templates/auth/namespace.yaml b/old-manifests/templates/auth/namespace.yaml deleted file mode 100644 index c252dcd..0000000 --- a/old-manifests/templates/auth/namespace.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: ai diff --git a/old-manifests/templates/dns/Chart.yaml b/old-manifests/templates/dns/Chart.yaml deleted file mode 100644 index 20ede8d..0000000 --- a/old-manifests/templates/dns/Chart.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v2 -name: dns -description: "DNS subchart for home-server" -version: 0.0.1 diff --git a/old-manifests/templates/dns/bind-master.yaml b/old-manifests/templates/dns/bind-master.yaml deleted file mode 100644 index 7683f55..0000000 --- a/old-manifests/templates/dns/bind-master.yaml +++ /dev/null 
@@ -1,139 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: bind-master-config - namespace: dns -data: - named.conf: | - include "/etc/bind/externaldns-key.conf"; - - options { - directory "/var/cache/bind"; - - recursion yes; - allow-query { any; }; - - listen-on port 53 { any; }; - listen-on-v6 port 53 { any; }; - - forwarders { - 10.40.0.254; - }; - - dnssec-validation auto; - }; - - zone "." IN { - type hint; - file "/usr/share/dns/root.hints"; - }; - - zone "hxme.net." IN { - type master; - file "/etc/bind/db.hxme.net"; - allow-update { key "externaldns-key"; }; - }; - db.hxme.net: | - $TTL 3600 - @ IN SOA ns1.hxme.net. admin.hxme.net. ( - 1 ; Serial - 7200 ; Refresh - 1800 ; Retry - 1209600 ; Expire - 86400 ) ; Negative Cache TTL - ; - @ IN NS ns1.hxme.net. - ns1 IN A 10.40.0.110 - @ IN A 10.40.0.110 - www IN A 10.40.0.110 ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: bind-master - namespace: dns -spec: - selector: - matchLabels: - app: bind-master - template: - metadata: - labels: - app: bind-master - spec: - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - securityContext: - fsGroup: 999 - initContainers: - - name: fetch-root-hints - image: debian:12 - command: - - sh - - -c - - | - apt update && apt -y install curl - curl -sfSL https://www.internic.net/domain/named.cache -o /usr/share/dns/root.hints - volumeMounts: - - mountPath: /usr/share/dns - name: root-hints - containers: - - name: bind-master - image: internetsystemsconsortium/bind9:9.18 - command: ["named", "-g", "-c", "/etc/bind/named.conf"] - ports: - - containerPort: 53 - protocol: UDP - - containerPort: 53 - protocol: TCP - volumeMounts: - - name: config - mountPath: /etc/bind/named.conf - subPath: named.conf - - name: config - mountPath: /etc/bind/db.hxme.net - subPath: db.hxme.net - - name: dns-secrets - mountPath: /etc/bind/externaldns-key.conf - subPath: externaldns-key.conf - - name: bind-cache - mountPath: /var/cache/bind - - name: bind-rundir - 
mountPath: /var/run/named - - name: root-hints - mountPath: /usr/share/dns - volumes: - - name: dns-secrets - secret: - secretName: dns-secrets - - name: config - configMap: - name: bind-master-config - - name: bind-cache - emptyDir: {} - - name: bind-rundir - emptyDir: {} - - name: root-hints - emptyDir: {} - ---- -apiVersion: v1 -kind: Service -metadata: - name: bind-master - namespace: dns -spec: - selector: - app: bind-master - ports: - - name: dns-udp - port: 53 - protocol: UDP - targetPort: 53 - - name: dns-tcp - port: 53 - protocol: TCP - targetPort: 53 - - diff --git a/old-manifests/templates/dns/externaldns.yaml b/old-manifests/templates/dns/externaldns.yaml deleted file mode 100644 index a029940..0000000 --- a/old-manifests/templates/dns/externaldns.yaml +++ /dev/null 
@@ -1,74 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: external-dns -rules: - - apiGroups: [""] - resources: ["services","endpoints","pods"] - verbs: ["get","watch","list"] - - apiGroups: ["extensions","networking.k8s.io"] - resources: ["ingresses"] - verbs: ["get","watch","list"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["list","watch"] - # Add DNS provider specific rules here if needed (e.g., for AWS IAM, GCP etc.) ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: external-dns-viewer -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: external-dns -subjects: - - kind: ServiceAccount - name: external-dns - namespace: dns ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: external-dns - namespace: dns ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: external-dns - namespace: dns -spec: - replicas: 1 - selector: - matchLabels: - app: external-dns - template: - metadata: - labels: - app: external-dns - spec: - serviceAccountName: external-dns - containers: - - name: external-dns - image: bitnami/external-dns:latest - args: - - --source=service - - --source=ingress - - --provider=rfc2136 - - --rfc2136-host=bind-master.dns.svc.cluster.local - - --rfc2136-port=53 - - --rfc2136-zone=hxme.net - - --rfc2136-tsig-secret=$(RFC2136_TSIG_SECRET) - - --rfc2136-tsig-secret-alg=hmac-sha256 - - --rfc2136-tsig-keyname=externaldns-key - - --policy=sync - - --registry=txt - - --txt-owner-id=my-cluster - env: - - name: RFC2136_TSIG_SECRET - valueFrom: - secretKeyRef: - name: dns-secrets - key: externaldns-secret diff --git a/old-manifests/templates/dns/namespace.yaml b/old-manifests/templates/dns/namespace.yaml deleted file mode 100644 index 52c7228..0000000 --- a/old-manifests/templates/dns/namespace.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: dns 
diff --git a/old-manifests/templates/files/namespace.yaml b/old-manifests/templates/files/namespace.yaml deleted file mode 100644 index 311b86d..0000000 --- a/old-manifests/templates/files/namespace.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: files diff --git a/old-manifests/templates/files/nextcloud.yaml b/old-manifests/templates/files/nextcloud.yaml deleted file mode 100644 index cb3ab91..0000000 --- a/old-manifests/templates/files/nextcloud.yaml +++ /dev/null 
@@ -1,137 +0,0 @@ ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: nextcloud-pv -spec: - capacity: - storage: 10Gi - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - storageClassName: local-path - hostPath: - path: /dpool/temp/Nextcloud ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: nextcloud-pvc - namespace: nextcloud -spec: - accessModes: - - ReadWriteOnce - storageClassName: local-path - resources: - requests: - storage: 10Gi - volumeName: nextcloud-pv ---- -apiVersion: v1 -kind: Service -metadata: - name: nextcloud - namespace: nextcloud -spec: - ports: - - port: 80 - selector: - app: nextcloud ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: nextcloud - namespace: nextcloud -spec: - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - selector: - matchLabels: - app: nextcloud - template: - metadata: - labels: - app: nextcloud - spec: - containers: - - name: nextcloud - image: nextcloud:29 - env: - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: nextcloud-secrets - key: MYSQL_PASSWORD - - name: MYSQL_DATABASE - value: nextcloud - - name: MYSQL_USER - value: nextcloud - - name: MYSQL_HOST - value: mariadb - ports: - - containerPort: 80 - volumeMounts: - - name: nextcloud-data - mountPath: /var/www/html - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - volumes: - - name: nextcloud-data - persistentVolumeClaim: - claimName: nextcloud-pvc ---- -apiVersion: k8s.mariadb.com/v1alpha1 -kind: MariaDB -metadata: - name: nextcloud-db - namespace: nextcloud -spec: - rootPasswordSecretKeyRef: - name: nextcloud-secrets - key: MYSQL_ROOT_PASSWORD - database: nextcloud - username: nextcloud - passwordSecretKeyRef: - name: nextcloud-secrets - key: MYSQL_PASSWORD - image: mariadb:10.11 - storage: - size: 5Gi ---- -apiVersion: v1 -kind: Secret -metadata: - name: wildcard-hxme-net - namespace: nextcloud - annotations: - 
replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: nextcloud - namespace: nextcloud - annotations: - external-dns.alpha.kubernetes.io/hostname: nc.hxme.net -spec: - tls: - - hosts: - - nc.hxme.net - secretName: wildcard-hxme-net - rules: - - host: nc.hxme.net - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: nextcloud - port: - number: 80 - diff --git a/old-manifests/templates/media/namespace.yaml b/old-manifests/templates/media/namespace.yaml deleted file mode 100644 index 6a99325..0000000 --- a/old-manifests/templates/media/namespace.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: media diff --git a/old-manifests/templates/monitoring/grafana.yaml b/old-manifests/templates/monitoring/grafana.yaml deleted file mode 100644 index 47ed5e0..0000000 --- a/old-manifests/templates/monitoring/grafana.yaml +++ /dev/null @@ -1,37 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: grafana - namespace: monitoring -spec: - interval: 30m - chart: - spec: - chart: grafana - version: 7.3.0 - sourceRef: - kind: HelmRepository - name: grafana - namespace: flux-system - install: - createNamespace: true - values: - admin: - existingSecret: grafana-admin-secret - userKey: admin-user - passwordKey: admin-password - service: - type: LoadBalancer - annotations: - external-dns.alpha.kubernetes.io/hostname: "grafana.hxme.net" - datasources: - datasources.yaml: - apiVersion: 1 - datasources: - - name: Loki - type: loki - access: proxy - url: http://loki:3100 - isDefault: true - diff --git a/old-manifests/templates/monitoring/loki.yaml b/old-manifests/templates/monitoring/loki.yaml deleted file mode 100644 index b327a8e..0000000 --- a/old-manifests/templates/monitoring/loki.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: loki - namespace: monitoring -spec: - interval: 30m - chart: - spec: - chart: loki - version: 6.6.4 - sourceRef: - kind: HelmRepository - name: grafana - namespace: flux-system - install: - createNamespace: true - values: - loki: - auth_enabled: false - singleBinary: - replicas: 1 - service: - type: LoadBalancer - annotations: - external-dns.alpha.kubernetes.io/hostname: "loki.hxme.net" - write: - replicas: 1 - read: - replicas: 1 - backend: - replicas: 1 diff --git a/old-manifests/templates/monitoring/namespace.yaml b/old-manifests/templates/monitoring/namespace.yaml deleted file mode 100644 index ff7ae1b..0000000 --- a/old-manifests/templates/monitoring/namespace.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: monitoring diff --git a/old-manifests/templates/monitoring/prometheus.yaml b/old-manifests/templates/monitoring/prometheus.yaml deleted file mode 100644 index dd4d5a6..0000000 --- a/old-manifests/templates/monitoring/prometheus.yaml +++ /dev/null @@ -1,40 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: prometheus-community - namespace: flux-system -spec: - url: https://prometheus-community.github.io/helm-charts - interval: 1h ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: prometheus-operator - namespace: monitoring -spec: - interval: 30m - chart: - spec: - chart: kube-prometheus-stack - version: 58.1.2 - sourceRef: - kind: HelmRepository - name: prometheus-community - namespace: flux-system - install: - createNamespace: true - upgrade: - disableWait: true - timeout: 5m - values: - prometheus: - prometheusSpec: - serviceMonitorSelectorNilUsesHelmValues: false - # Optional: expose Prometheus/Grafana via NodePort, Ingress, etc. - grafana: - enabled: false - alertmanager: - enabled: true - 
diff --git a/old-manifests/templates/monitoring/provider.yaml b/old-manifests/templates/monitoring/provider.yaml deleted file mode 100644 index 3af442a..0000000 --- a/old-manifests/templates/monitoring/provider.yaml +++ /dev/null @@ -1,22 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: monitoring ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: grafana - namespace: flux-system -spec: - url: https://grafana.github.io/helm-charts - interval: 1h ---- -apiVersion: v1 -kind: Secret -metadata: - name: wildcard-hxme-net - namespace: monitoring - annotations: - replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net diff --git a/old-manifests/templates/remote/namespace.yaml b/old-manifests/templates/remote/namespace.yaml deleted file mode 100644 index 84965e5..0000000 --- a/old-manifests/templates/remote/namespace.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: remote diff --git a/old-manifests/templates/remote/rustdesk.yaml b/old-manifests/templates/remote/rustdesk.yaml deleted file mode 100644 index 9e1ba31..0000000 --- a/old-manifests/templates/remote/rustdesk.yaml +++ /dev/null 
@@ -1,72 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: rustdesk-charts - namespace: flux-system -spec: - url: https://charts.rustdesk.com - interval: 1h ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: rustdesk-server - namespace: remote -spec: - interval: 30m - chart: - spec: - chart: rustdesk-server - version: 0.5.0 - sourceRef: - kind: HelmRepository - name: rustdesk-charts - namespace: flux-system - install: - createNamespace: true - values: - hbbs: - enabled: true - service: - type: ClusterIP - ports: - - name: tcp - port: 21115 - targetPort: 21115 - - name: tcp-hbbs - port: 21116 - targetPort: 21116 - - name: udp - port: 21116 - targetPort: 21116 - protocol: UDP - - hbbr: - enabled: true - service: - type: ClusterIP - ports: - - name: tcp-hbbr - port: 21117 - targetPort: 21117 - - ingress: - enabled: true - className: "traefik" # or nginx or your ingress class - annotations: {} - hosts: - - host: rd.hxme.net - paths: - - path: / - pathType: Prefix - tls: - - hosts: - - rd.hxme.net - secretName: rustdesk-tls - - # Optional admin password – change this in production - env: - ENCRYPTED_ONLY: "false" - ENABLE_LOG: "true" - diff --git a/old-manifests/templates/social/namespace.yaml b/old-manifests/templates/social/namespace.yaml deleted file mode 100644 index 7c93211..0000000 --- a/old-manifests/templates/social/namespace.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: social diff --git a/old-manifests/templates/sync/linkwarden.yaml b/old-manifests/templates/sync/linkwarden.yaml deleted file mode 100644 index 770be83..0000000 --- a/old-manifests/templates/sync/linkwarden.yaml +++ /dev/null 
@@ -1,60 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: linkwarden - namespace: sync -spec: - replicas: 1 - selector: - matchLabels: - app: linkwarden - template: - metadata: - labels: - app: linkwarden - spec: - containers: - - name: linkwarden - image: ghcr.io/linkwarden/linkwarden:latest - ports: - - containerPort: 8080 - env: - - name: ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: linkwarden-secret - key: admin-password - # Add other environment variables here as needed - volumeMounts: - - name: linkwarden-data - mountPath: /data - volumes: - - name: linkwarden-data - emptyDir: {} # Change to persistentVolumeClaim for production ---- -apiVersion: v1 -kind: Secret -metadata: - name: linkwarden-secret - namespace: sync -type: Opaque -stringData: - admin-password: "YourStrongAdminPasswordHere" ---- -apiVersion: v1 -kind: Service -metadata: - name: linkwarden - namespace: sync - annotations: - external-dns.alpha.kubernetes.io/hostname: lw.hxme.net -spec: - selector: - app: linkwarden - ports: - - protocol: TCP - port: 80 - targetPort: 8080 - type: ClusterIP - diff --git a/old-manifests/templates/sync/namespace.yaml b/old-manifests/templates/sync/namespace.yaml deleted file mode 100644 index 1477548..0000000 --- a/old-manifests/templates/sync/namespace.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: sync diff --git a/old-manifests/templates/sync/syncthing.yaml b/old-manifests/templates/sync/syncthing.yaml deleted file mode 100644 index 74dea87..0000000 --- a/old-manifests/templates/sync/syncthing.yaml +++ /dev/null 
@@ -1,104 +0,0 @@ ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: syncthing-data - namespace: sync -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5Gi ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: syncthing-share-pv -spec: - capacity: - storage: 1000Gi - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - hostPath: - path: /dpool/files ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: syncthing-share - namespace: sync -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1000Gi - volumeName: syncthing-share-pv ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: syncthing - namespace: sync -spec: - replicas: 1 - selector: - matchLabels: - app: syncthing - template: - metadata: - labels: - app: syncthing - spec: - containers: - - name: syncthing - image: syncthing/syncthing:latest - ports: - - containerPort: 8384 - - containerPort: 22000 - - containerPort: 21027 - protocol: UDP - volumeMounts: - - name: syncthing-data - mountPath: /var/syncthing - - name: syncthing-share - mountPath: /shared - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - volumes: - - name: syncthing-data - persistentVolumeClaim: - claimName: syncthing-data - - name: syncthing-share - persistentVolumeClaim: - claimName: syncthing-share ---- -apiVersion: v1 -kind: Service -metadata: - name: syncthing - namespace: sync -spec: - selector: - app: syncthing - ports: - - name: web-ui - port: 8384 - targetPort: 8384 - - name: sync-tcp - port: 22000 - targetPort: 22000 - - name: sync-udp - port: 22000 - protocol: UDP - targetPort: 22000 - - name: discovery - port: 21027 - protocol: UDP - targetPort: 21027 - type: ClusterIP - diff --git a/old-manifests/templates/sync/vaultwarden.yaml b/old-manifests/templates/sync/vaultwarden.yaml deleted file mode 100644 index 8bd7a74..0000000 --- a/old-manifests/templates/sync/vaultwarden.yaml +++ /dev/null 
@@ -1,100 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: vaultwarden - namespace: sync - labels: - app: vaultwarden -spec: - replicas: 1 - selector: - matchLabels: - app: vaultwarden - template: - metadata: - labels: - app: vaultwarden - spec: - containers: - - name: vaultwarden - image: vaultwarden/server:1.30.5 - imagePullPolicy: IfNotPresent - env: - - name: WEBSOCKET_ENABLED - value: "true" - - name: SIGNUPS_ALLOWED - value: "false" - - name: DOMAIN - value: "https://vw.hxme.net" - - name: ADMIN_TOKEN - value: "CHANGEME_SUPER_SECRET" - ports: - - containerPort: 80 - name: http - volumeMounts: - - name: data - mountPath: /data - resources: - requests: - cpu: 50m - memory: 128Mi - limits: - cpu: 250m - memory: 512Mi - volumes: - - name: data - persistentVolumeClaim: - claimName: bitwarden-data ---- -apiVersion: v1 -kind: Service -metadata: - name: vaultwarden - namespace: sync - labels: - app: vaultwarden -spec: - type: ClusterIP - selector: - app: vaultwarden - ports: - - name: http - port: 80 - targetPort: http ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: vaultwarden - namespace: sync - annotations: - kubernetes.io/ingress.class: traefik -spec: - rules: - - host: vw.hxme.net - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: vaultwarden - port: - number: 80 - tls: - - hosts: - - vw.hxme.net - secretName: bitwarden-tls ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: bitwarden-data - namespace: sync -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - diff --git a/old-manifests/templates/util/Chart.yaml b/old-manifests/templates/util/Chart.yaml deleted file mode 100644 index 0d605a0..0000000 --- a/old-manifests/templates/util/Chart.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v2 -name: util -description: "Utility subchart for home-server" -version: 0.0.1 
diff --git a/old-manifests/templates/util/templates/00-namespace.yaml b/old-manifests/templates/util/templates/00-namespace.yaml deleted file mode 100644 index f860de2..0000000 --- a/old-manifests/templates/util/templates/00-namespace.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: util diff --git a/old-manifests/templates/util/templates/10-replicator.yaml b/old-manifests/templates/util/templates/10-replicator.yaml deleted file mode 100644 index e8ec276..0000000 --- a/old-manifests/templates/util/templates/10-replicator.yaml +++ /dev/null 
@@ -1,98 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kubernetes-replicator - namespace: kube-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kubernetes-replicator -rules: - - apiGroups: ["", "apps", "extensions"] - resources: - - secrets - - configmaps - - roles - - rolebindings - - cronjobs - - deployments - - events - - ingresses - - jobs - - pods - - pods/attach - - pods/exec - - pods/log - - pods/portforward - - services - - namespaces - - serviceaccounts - verbs: ["*"] - - apiGroups: ["batch"] - resources: - - configmaps - - cronjobs - - deployments - - events - - ingresses - - jobs - - pods - - pods/attach - - pods/exec - - pods/log - - pods/portforward - - services - verbs: ["*"] - - apiGroups: ["rbac.authorization.k8s.io"] - resources: - - roles - - rolebindings - - clusterrolebindings - verbs: ["get", "list", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kubernetes-replicator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kubernetes-replicator -subjects: - - kind: ServiceAccount - name: kubernetes-replicator - namespace: kube-system ---- -apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: HelmRepository -metadata: - name: mittwald - namespace: flux-system -spec: - url: https://helm.mittwald.de - interval: 1h ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: kubernetes-replicator - namespace: kube-system -spec: - interval: 5m - chart: - spec: - chart: kubernetes-replicator - sourceRef: - kind: HelmRepository - name: mittwald - namespace: flux-system - install: - createNamespace: false - upgrade: - disableWait: false - values: - serviceAccount: - create: false - name: kubernetes-replicator diff --git a/old-manifests/templates/util/templates/20-certmanager.yaml b/old-manifests/templates/util/templates/20-certmanager.yaml deleted file mode 100644 index f238e14..0000000 
--- a/old-manifests/templates/util/templates/20-certmanager.yaml +++ /dev/null @@ -1,72 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: jetstack - namespace: flux-system -spec: - url: https://charts.jetstack.io - interval: 1h ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: cert-manager - namespace: cert-manager -spec: - interval: 30m - chart: - spec: - chart: cert-manager - version: v1.18.2 - sourceRef: - kind: HelmRepository - name: jetstack - namespace: flux-system - install: - crds: CreateReplace - createNamespace: true - values: - installCRDs: true - extraArgs: - - --dns01-recursive-nameservers-only - - --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53 ---- -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: letsencrypt-rfc2136 -spec: - acme: - email: admin@hxme.net - server: https://acme-v02.api.letsencrypt.org/directory - privateKeySecretRef: - name: letsencrypt-rfc2136 - solvers: - - dns01: - rfc2136: - nameserver: hawke.hxst.com.au:53 - tsigKeyName: "hxme-update-key" - tsigAlgorithm: HMACSHA512 - tsigSecretSecretRef: - name: hxme-update-key - key: hxme-update-key ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: wildcard-hxme-net - namespace: cert-manager -spec: - secretName: wildcard-hxme-net - secretTemplate: - annotations: - replicator.v1.mittwald.de/replication-allowed: "true" - replicator.v1.mittwald.de/replicate-to: "monitoring,authentik,nextcloud" - issuerRef: - name: letsencrypt-rfc2136 - kind: ClusterIssuer - commonName: "hxme.net" - dnsNames: - - "hxme.net" - - "*.hxme.net" diff --git a/old-manifests/templates/util/templates/20-mariadb.yaml b/old-manifests/templates/util/templates/20-mariadb.yaml deleted file mode 100644 index 04febe6..0000000 --- a/old-manifests/templates/util/templates/20-mariadb.yaml +++ /dev/null 
@@ -1,60 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: mariadb-system ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: mariadb-operator - namespace: flux-system -spec: - url: https://helm.mariadb.com/mariadb-operator - interval: 1h ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: mariadb-operator-crds - namespace: mariadb-system -spec: - interval: 30m - chart: - spec: - chart: mariadb-operator-crds - version: 0.38.1 - sourceRef: - kind: HelmRepository - name: mariadb-operator - namespace: flux-system - install: - createNamespace: true - upgrade: - disableWait: true - timeout: 5m ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: mariadb-operator - namespace: mariadb-system -spec: - interval: 30m - chart: - spec: - chart: mariadb-operator - version: 0.38.1 - sourceRef: - kind: HelmRepository - name: mariadb-operator - namespace: flux-system - install: - createNamespace: true - dependsOn: - - name: mariadb-operator-crds - namespace: mariadb-system - values: - metrics: - enabled: true - diff --git a/old-manifests/values.yaml b/old-manifests/values.yaml deleted file mode 100644 index 4bbdba6..0000000 --- a/old-manifests/values.yaml +++ /dev/null @@ -1,24 +0,0 @@ -ai: - enabled: true - -dns: - enabled: false - -media: - enabled: true - -monitoring: - enabled: true - -remote: - enabled: false - -social: - enabled: true - -sync: - enabled: false - -util: - enabled: true - -- 2.47.2 From 4d11768bbfa811a3d98207243f409411ffc1b962 Mon Sep 17 00:00:00 2001 
From: j Date: Sat, 5 Jul 2025 23:05:03 +1000 Subject: [PATCH 2/5] Port DNS charts --- charts/dns/Chart.yaml | 0 charts/dns/templates/bind-master.yaml | 136 ++++++++++++++++++ charts/dns/templates/bind-slave.yaml | 136 ++++++++++++++++++ charts/dns/templates/externaldns.yaml | 72 ++++++++++ deployments/home-server.yaml | 15 -- deployments/kustomization.yaml | 5 +- deployments/manifests/00-namespaces.yaml | 10 ++ .../manifests/10-dev.yaml | 0 .../manifests/10-prod.yaml | 0 deployments/namespaces.yaml | 5 - environments/kustomization.yaml | 6 - 11 files changed, 357 insertions(+), 28 deletions(-) create mode 100644 charts/dns/Chart.yaml create mode 100644 charts/dns/templates/bind-master.yaml create mode 100644 charts/dns/templates/bind-slave.yaml create mode 100644 charts/dns/templates/externaldns.yaml delete mode 100644 deployments/home-server.yaml create mode 100644 deployments/manifests/00-namespaces.yaml rename environments/dev.yaml => deployments/manifests/10-dev.yaml (100%) rename environments/prod.yaml => deployments/manifests/10-prod.yaml (100%) delete mode 100644 deployments/namespaces.yaml delete mode 100644 environments/kustomization.yaml diff --git a/charts/dns/Chart.yaml b/charts/dns/Chart.yaml new file mode 100644 index 0000000..e69de29 diff --git a/charts/dns/templates/bind-master.yaml b/charts/dns/templates/bind-master.yaml new file mode 100644 index 0000000..aed06f4 --- /dev/null +++ b/charts/dns/templates/bind-master.yaml 
@@ -0,0 +1,136 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: bind-master-config +data: + named.conf: | + include "/etc/bind/externaldns-key.conf"; + + options { + directory "/var/cache/bind"; + + recursion yes; + allow-query { any; }; + + listen-on port 53 { any; }; + listen-on-v6 port 53 { any; }; + + forwarders { + 10.40.0.254; + }; + + dnssec-validation auto; + }; + + zone "." IN { + type hint; + file "/usr/share/dns/root.hints"; + }; + + zone "hxme.net." IN { + type master; + file "/etc/bind/db.hxme.net"; + allow-update { key "externaldns-key"; }; + }; + db.hxme.net: | + $TTL 3600 + @ IN SOA ns1.hxme.net. admin.hxme.net. ( + 1 ; Serial + 7200 ; Refresh + 1800 ; Retry + 1209600 ; Expire + 86400 ) ; Negative Cache TTL + ; + @ IN NS ns1.hxme.net. + ns1 IN A 10.40.0.110 + @ IN A 10.40.0.110 + www IN A 10.40.0.110 +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: bind-master +spec: + selector: + matchLabels: + app: bind-master + template: + metadata: + labels: + app: bind-master + spec: + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + securityContext: + fsGroup: 999 + initContainers: + - name: fetch-root-hints + image: debian:12 + command: + - sh + - -c + - | + apt update && apt -y install curl + curl -sfSL https://www.internic.net/domain/named.cache -o /usr/share/dns/root.hints + volumeMounts: + - mountPath: /usr/share/dns + name: root-hints + containers: + - name: bind-master + image: internetsystemsconsortium/bind9:9.18 + command: ["named", "-g", "-c", "/etc/bind/named.conf"] + ports: + - containerPort: 53 + protocol: UDP + - containerPort: 53 + protocol: TCP + volumeMounts: + - name: config + mountPath: /etc/bind/named.conf + subPath: named.conf + - name: config + mountPath: /etc/bind/db.hxme.net + subPath: db.hxme.net + - name: dns-secrets + mountPath: /etc/bind/externaldns-key.conf + subPath: externaldns-key.conf + - name: bind-cache + mountPath: /var/cache/bind + - name: bind-rundir + mountPath: /var/run/named + - name: 
root-hints + mountPath: /usr/share/dns + volumes: + - name: dns-secrets + secret: + secretName: dns-secrets + - name: config + configMap: + name: bind-master-config + - name: bind-cache + emptyDir: {} + - name: bind-rundir + emptyDir: {} + - name: root-hints + emptyDir: {} + +--- +apiVersion: v1 +kind: Service +metadata: + name: bind-master +spec: + selector: + app: bind-master + ports: + - name: dns-udp + port: 53 + protocol: UDP + targetPort: 53 + - name: dns-tcp + port: 53 + protocol: TCP + targetPort: 53 + + diff --git a/charts/dns/templates/bind-slave.yaml b/charts/dns/templates/bind-slave.yaml new file mode 100644 index 0000000..11a880b --- /dev/null +++ b/charts/dns/templates/bind-slave.yaml 
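Review bot: In `named.conf` the `options` block combines `recursion yes;` with `allow-query { any; };` and `listen-on port 53 { any; };`, and the DaemonSet runs with `hostNetwork: true`, so every interface of every node becomes an open recursive resolver for anyone who can route to it — the standard DNS amplification and cache-poisoning exposure. Restrict recursion to the LAN, e.g. `allow-recursion { localhost; localnets; 10.40.0.0/24; };` (the prefix is inferred from the 10.40.0.x addresses in this file — confirm it), and add `allow-transfer { none; };` to the `hxme.net.` zone, since BIND otherwise answers AXFR from any client by default unless the image's stock config narrows it. The dynamically updated zone also lives at `file "/etc/bind/db.hxme.net"`, a read-only ConfigMap subPath mount, so named cannot create the `db.hxme.net.jnl` journal or re-dump the zone there and RFC 2136 updates from external-dns will fail; copy the seed zone into the `bind-cache` volume in an init step and point `file` at `/var/cache/bind/db.hxme.net`, or at least set `journal "/var/cache/bind/db.hxme.net.jnl";` in the zone stanza. The `fetch-root-hints` init container runs `apt update && apt -y install curl` and fetches from internic.net on every pod start, so name resolution for the whole network now depends on outbound Internet access and an unpinned `debian:12` image; shipping the hints as a third ConfigMap key, or dropping the root hint zone in favour of `forward only;` behind the 10.40.0.254 forwarder, removes that dependency.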
@@ -0,0 +1,136 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: bind-slave-config +data: + named.conf: | + include "/etc/bind/externaldns-key.conf"; + + options { + directory "/var/cache/bind"; + + recursion yes; + allow-query { any; }; + + listen-on port 53 { any; }; + listen-on-v6 port 53 { any; }; + + forwarders { + 10.40.0.254; + }; + + dnssec-validation auto; + }; + + zone "." IN { + type hint; + file "/usr/share/dns/root.hints"; + }; + + zone "hxme.net." IN { + type master; + file "/etc/bind/db.hxme.net"; + allow-update { key "externaldns-key"; }; + }; + db.hxme.net: | + $TTL 3600 + @ IN SOA ns1.hxme.net. admin.hxme.net. ( + 1 ; Serial + 7200 ; Refresh + 1800 ; Retry + 1209600 ; Expire + 86400 ) ; Negative Cache TTL + ; + @ IN NS ns1.hxme.net. + ns1 IN A 10.40.0.110 + @ IN A 10.40.0.110 + www IN A 10.40.0.110 +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: bind-slave +spec: + selector: + matchLabels: + app: bind-slave + template: + metadata: + labels: + app: bind-slave + spec: + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + securityContext: + fsGroup: 999 + initContainers: + - name: fetch-root-hints + image: debian:12 + command: + - sh + - -c + - | + apt update && apt -y install curl + curl -sfSL https://www.internic.net/domain/named.cache -o /usr/share/dns/root.hints + volumeMounts: + - mountPath: /usr/share/dns + name: root-hints + containers: + - name: bind-slave + image: internetsystemsconsortium/bind9:9.18 + command: ["named", "-g", "-c", "/etc/bind/named.conf"] + ports: + - containerPort: 53 + protocol: UDP + - containerPort: 53 + protocol: TCP + volumeMounts: + - name: config + mountPath: /etc/bind/named.conf + subPath: named.conf + - name: config + mountPath: /etc/bind/db.hxme.net + subPath: db.hxme.net + - name: dns-secrets + mountPath: /etc/bind/externaldns-key.conf + subPath: externaldns-key.conf + - name: bind-cache + mountPath: /var/cache/bind + - name: bind-rundir + mountPath: /var/run/named + - name: 
root-hints + mountPath: /usr/share/dns + volumes: + - name: dns-secrets + secret: + secretName: dns-secrets + - name: config + configMap: + name: bind-slave-config + - name: bind-cache + emptyDir: {} + - name: bind-rundir + emptyDir: {} + - name: root-hints + emptyDir: {} + +--- +apiVersion: v1 +kind: Service +metadata: + name: bind-slave +spec: + selector: + app: bind-slave + ports: + - name: dns-udp + port: 53 + protocol: UDP + targetPort: 53 + - name: dns-tcp + port: 53 + protocol: TCP + targetPort: 53 + + diff --git a/charts/dns/templates/externaldns.yaml b/charts/dns/templates/externaldns.yaml new file mode 100644 index 0000000..814af6c --- /dev/null +++ b/charts/dns/templates/externaldns.yaml 
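Review bot: Despite the file name, `bind-slave.yaml` declares `zone "hxme.net." IN { type master; ... allow-update { key "externaldns-key"; }; }` — a verbatim copy of the master config — so this DaemonSet is a second, independent primary that external-dns never updates (it targets `bind-master`), and the two copies of the zone will silently diverge. A secondary should read `type slave; masters { <bind-master address>; }; file "/var/cache/bind/db.hxme.net";` with no `allow-update`, and the master zone needs a matching `allow-transfer { key "xfer-key"; };` (or an address ACL) so transfers are authenticated rather than left at BIND's permissive default. Both DaemonSets also use `hostNetwork: true` with no `nodeSelector` or anti-affinity, so on any node where they are co-scheduled the second `named` cannot bind host port 53 and crash-loops. The same open-recursion concern applies here: `recursion yes;` with `allow-query { any; };` on every host interface should be narrowed with an `allow-recursion` ACL for the LAN.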
@@ -0,0 +1,72 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: external-dns +rules: + - apiGroups: [""] + resources: ["services","endpoints","pods"] + verbs: ["get","watch","list"] + - apiGroups: ["extensions","networking.k8s.io"] + resources: ["ingresses"] + verbs: ["get","watch","list"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["list","watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: external-dns-viewer +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: external-dns +subjects: + - kind: ServiceAccount + name: external-dns +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: external-dns +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: external-dns +spec: + replicas: 1 + selector: + matchLabels: + app: external-dns + template: + metadata: + labels: + app: external-dns + spec: + serviceAccountName: external-dns + containers: + - name: external-dns + image: bitnami/external-dns:latest + args: + - --source=service + - --source=ingress + - --provider=rfc2136 + - --rfc2136-host=bind-master.dns.svc.cluster.local + - --rfc2136-port=53 + - --rfc2136-zone=hxme.net + - --rfc2136-tsig-secret=$(RFC2136_TSIG_SECRET) + - --rfc2136-tsig-secret-alg=hmac-sha256 + - --rfc2136-tsig-keyname=externaldns-key + - --policy=sync + - --registry=txt + - --txt-owner-id=my-cluster + env: + - name: RFC2136_TSIG_SECRET + valueFrom: + secretKeyRef: + name: dns-secrets + key: externaldns-secret + + diff --git a/deployments/home-server.yaml b/deployments/home-server.yaml deleted file mode 100644 index 571e677..0000000 --- a/deployments/home-server.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: home-server - namespace: home-server -spec: - interval: 1m - chart: - spec: - chart: ./charts/dns - sourceRef: - kind: GitRepository - name: home-server - namespace: flux-system 
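Review bot: The `ClusterRoleBinding` lists its subject as `kind: ServiceAccount` / `name: external-dns` with no `namespace`, which the API server rejects for ServiceAccount subjects of a cluster-scoped binding (`subjects[0].namespace: Required value`), so the binding never applies and the Deployment runs without the RBAC it needs; add `namespace: {{ .Release.Namespace }}` to the subject, and use the same expression in `--rfc2136-host=bind-master.{{ .Release.Namespace }}.svc.cluster.local`, since the hard-coded `dns` namespace does not match the `home-server`/`home-server-dev` namespaces this series creates. Passing the TSIG key as `--rfc2136-tsig-secret=$(RFC2136_TSIG_SECRET)` puts the expanded secret into the container's argv, where `kubectl describe pod` and `ps` on the node expose it to anyone with pod read access; external-dns accepts each flag as an `EXTERNAL_DNS_<FLAG>` environment variable, so renaming the env entry to `EXTERNAL_DNS_RFC2136_TSIG_SECRET` and dropping the arg keeps it out of the process list. `image: bitnami/external-dns:latest` is unpinned — pin a version (ideally a digest) so a registry push cannot silently change the code that holds the zone-update key. Finally, `--txt-owner-id=my-cluster` will be shared by the dev and prod environments if both render this chart, and with `--policy=sync` two instances with the same owner id delete each other's records; derive it from the release name.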
diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml index e9e965a..72ce1b0 100644 --- a/deployments/kustomization.yaml +++ b/deployments/kustomization.yaml @@ -2,5 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - namespaces.yaml - - home-server.yaml + - manifests/00-namespaces.yaml + - manifests/10-dev.yaml + - manifests/10-prod.yaml diff --git a/deployments/manifests/00-namespaces.yaml b/deployments/manifests/00-namespaces.yaml new file mode 100644 index 0000000..73496f4 --- /dev/null +++ b/deployments/manifests/00-namespaces.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: home-server +--- +apiVersion: v1 +kind: Namespace +metadata: + name: home-server-dev diff --git a/environments/dev.yaml b/deployments/manifests/10-dev.yaml similarity index 100% rename from environments/dev.yaml rename to deployments/manifests/10-dev.yaml diff --git a/environments/prod.yaml b/deployments/manifests/10-prod.yaml similarity index 100% rename from environments/prod.yaml rename to deployments/manifests/10-prod.yaml diff --git a/deployments/namespaces.yaml b/deployments/namespaces.yaml deleted file mode 100644 index f956aa2..0000000 --- a/deployments/namespaces.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: home-server diff --git a/environments/kustomization.yaml b/environments/kustomization.yaml deleted file mode 100644 index f1be2a5..0000000 --- a/environments/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - dev.yaml - - prod.yaml -- 2.47.2 From 36f1e4ca2a7ea2f76096d4c8f600e41c073a1f71 Mon Sep 17 00:00:00 2001 From: j Date: Sat, 5 Jul 2025 23:11:50 +1000 Subject: [PATCH 3/5] Convert service to load balancer --- charts/dns/templates/bind-master.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/charts/dns/templates/bind-master.yaml b/charts/dns/templates/bind-master.yaml index aed06f4..4d3328c 100644 --- a/charts/dns/templates/bind-master.yaml +++ b/charts/dns/templates/bind-master.yaml @@ -121,6 +121,7 @@ kind: Service metadata: name: bind-master spec: + type: ClusterIP selector: app: bind-master ports: @@ -133,4 +134,3 @@ spec: protocol: TCP targetPort: 53 - -- 2.47.2 From d9859dc3c8efe6633a8883554b737a7ac726e57d Mon Sep 17 00:00:00 2001 From: j Date: Sat, 5 Jul 2025 23:13:40 +1000 Subject: [PATCH 4/5] Load balancer --- charts/dns/templates/bind-slave.yaml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/charts/dns/templates/bind-slave.yaml b/charts/dns/templates/bind-slave.yaml index 11a880b..091e96e 100644 --- a/charts/dns/templates/bind-slave.yaml +++ b/charts/dns/templates/bind-slave.yaml @@ -119,10 +119,13 @@ spec: apiVersion: v1 kind: Service metadata: - name: bind-slave + name: bind-master + namespace: default spec: + type: LoadBalancer + externalTrafficPolicy: Local selector: - app: bind-slave + app: bind-master ports: - name: dns-udp port: 53 @@ -133,4 +136,3 @@ spec: protocol: TCP targetPort: 53 - -- 2.47.2 From 54c13bc17303f2dac4456b6c740faa5a9d6d85fe Mon Sep 17 00:00:00 2001 From: j Date: Sat, 5 Jul 2025 23:13:51 +1000 Subject: [PATCH 5/5] required chart declarations --- charts/dns/Chart.yaml | 5 +++++ charts/dns/values.yaml | 2 ++ 2 files changed, 7 insertions(+) create mode 100644 charts/dns/values.yaml diff --git a/charts/dns/Chart.yaml b/charts/dns/Chart.yaml index e69de29..79489eb 100644 --- a/charts/dns/Chart.yaml +++ b/charts/dns/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v2 +name: home-server-dns +description: Deploys the DNS setup +type: application +version: 0.1.0 diff --git a/charts/dns/values.yaml b/charts/dns/values.yaml new file mode 100644 index 0000000..d36eb41 --- /dev/null +++ b/charts/dns/values.yaml 
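Review bot: `type: ClusterIP` is the Service default, so the line added to the `bind-master` Service changes nothing at runtime, while the commit title says "Convert service to load balancer"; if the master is meant to be reachable by LAN clients, this Service is where `type: LoadBalancer` with `externalTrafficPolicy: Local` belongs, since its selector `app: bind-master` already matches the right pods. Exposing it also exposes the `recursion yes; allow-query { any; };` configuration from the master's `named.conf`, so an `allow-recursion` ACL limited to the LAN should land before the address is handed out.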
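Review bot: The Service in `bind-slave.yaml` is renamed to `bind-master`, pinned to `namespace: default`, and given `selector: app: bind-master`, so this file no longer fronts the `bind-slave` DaemonSet at all and instead creates a second `bind-master` Service outside the release namespace; unless the chart is released into `default`, that LoadBalancer selects pods in a namespace where none run and has no endpoints, and if it is released into `default` it collides with the `bind-master` Service already defined in `bind-master.yaml`. Drop the `namespace:` line (Helm supplies the release namespace) and restore `name: bind-slave` / `app: bind-slave`, or move the LoadBalancer definition into `bind-master.yaml` where the selector is correct. Publishing a resolver on a LoadBalancer address also widens the reach of `recursion yes; allow-query { any; };` in the DaemonSet's `named.conf`; `externalTrafficPolicy: Local` is the right choice because it preserves client source addresses for an ACL, but only once an `allow-recursion` ACL for the LAN exists.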
@@ -0,0 +1,2 @@ +domain: "auth.dev.hxme.net" +certSecretName: "wildcard-hxme-net" -- 2.47.2
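Review bot: Neither `domain` nor `certSecretName` is referenced by any template in `charts/dns` (none of them uses `.Values`), and `domain: "auth.dev.hxme.net"` reads like a leftover from the removed authentik manifests rather than a DNS setting, so these values are dead configuration that will mislead the next reader. The things that actually vary between `home-server` and `home-server-dev` — the zone name `hxme.net`, the `ns1` address `10.40.0.110`, the forwarder `10.40.0.254`, and the external-dns `--txt-owner-id` — are hard-coded in the templates and would be the useful values to declare here, with a short comment on each explaining where it is consumed.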