update tls certs; add technitium doh open without recursion for now; add dashy web

Viktor Barzin 2023-10-21 12:14:31 +00:00
parent b286c33c2e
commit e71c3946db
No known key found for this signature in database
GPG key ID: 4056458DBDBF8863
7 changed files with 259 additions and 0 deletions


@ -0,0 +1,203 @@
variable "tls_secret_name" {}
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "dashy"
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_namespace" "dashy" {
metadata {
name = "dashy"
}
}
resource "kubernetes_config_map" "config" {
metadata {
name = "config"
namespace = "dashy"
annotations = {
"reloader.stakater.com/match" = "true"
}
}
data = {
"conf.yaml" = <<-EOT
---
pageInfo:
title: Dashy
description: Welcome to your new dashboard!
navLinks:
- title: GitHub
path: https://github.com/Lissy93/dashy
- title: Documentation
path: https://dashy.to/docs
appConfig:
theme: colorful
layout: auto
iconSize: large
language: en
sections:
- name: Getting Started
icon: fas fa-rocket
items:
- &ref_0
title: Dashy Live
description: Development a project management links for Dashy
icon: https://i.ibb.co/qWWpD0v/astro-dab-128.png
url: https://live.dashy.to/
target: newtab
id: 0_1481_dashylive
- &ref_1
title: GitHub
description: Source Code, Issues and Pull Requests
url: https://github.com/lissy93/dashy
icon: favicon
id: 1_1481_github
- &ref_2
title: Docs
description: Configuring & Usage Documentation
provider: Dashy.to
icon: far fa-book
url: https://dashy.to/docs
id: 2_1481_docs
- &ref_3
title: Showcase
description: See how others are using Dashy
url: https://github.com/Lissy93/dashy/blob/master/docs/showcase.md
icon: far fa-grin-hearts
id: 3_1481_showcase
- &ref_4
title: Config Guide
description: See full list of configuration options
url: https://github.com/Lissy93/dashy/blob/master/docs/configuring.md
icon: fas fa-wrench
id: 4_1481_configguide
- &ref_5
title: Support
description: Get help with Dashy, raise a bug, or get in contact
url: https://github.com/Lissy93/dashy/blob/master/.github/SUPPORT.md
icon: far fa-hands-helping
id: 5_1481_support
filteredItems:
- *ref_0
- *ref_1
- *ref_2
- *ref_3
- *ref_4
- *ref_5
EOT
}
}
resource "kubernetes_deployment" "dashy" {
metadata {
name = "dashy"
namespace = "dashy"
labels = {
app = "dashy"
}
annotations = {
"reloader.stakater.com/search" = "true"
}
}
spec {
replicas = 1
selector {
match_labels = {
app = "dashy"
}
}
template {
metadata {
labels = {
app = "dashy"
}
}
spec {
container {
image = "lissy93/dashy:latest"
name = "dashy"
port {
container_port = 80
}
# volume_mount {
# name = "config"
# mount_path = "/app/public/"
# }
}
volume {
name = "config"
config_map {
name = "config"
}
}
}
}
}
}
resource "kubernetes_service" "dashy" {
metadata {
name = "dashy"
namespace = "dashy"
labels = {
app = "dashy"
}
}
spec {
selector = {
app = "dashy"
}
port {
name = "http"
port = "80"
}
}
}
resource "kubernetes_ingress_v1" "dashy" {
metadata {
name = "dashy-ingress"
namespace = "dashy"
annotations = {
"kubernetes.io/ingress.class" = "nginx"
//"nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on"
//"nginx.ingress.kubernetes.io/auth-tls-secret" = "default/ca-secret"
# "nginx.ingress.kubernetes.io/auth-url" : "https://$host/oauth2/auth"
"nginx.ingress.kubernetes.io/auth-url" : "https://viktorbarzin.uk.auth0.com//oauth2/auth"
# "nginx.ingress.kubernetes.io/auth-signin" : "https://$host/oauth2/start?rd=$escaped_request_uri"
"nginx.ingress.kubernetes.io/auth-signin" : "https://viktorbarzin.uk.auth0.com//oauth2/start?rd=$escaped_request_uri"
}
}
spec {
tls {
hosts = ["dashy.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "dashy.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "dashy"
port {
number = 80
}
}
}
}
}
}
}
}
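Review bot: The active `auth-url` and `auth-signin` annotations on `kubernetes_ingress_v1.dashy` point at `https://viktorbarzin.uk.auth0.com//oauth2/...`, while the commented-out lines just above them use the `https://$host/oauth2/...` form, so whether the dashboard is actually gated depends entirely on what that external endpoint returns to the ingress-nginx auth subrequest (only a 2xx admits the request). I would confirm that an unauthenticated request to `dashy.viktorbarzin.me` is rejected and that the doubled slash in `//oauth2/` is intended, and add a comment above the annotations such as `# auth-url must answer 2xx only for an authenticated session; 401 redirects to auth-signin`. Separately, `image = "lissy93/dashy:latest"` lets the running image change on any pod restart; pinning a fixed version tag or digest keeps the deployment reproducible. The `config` volume is declared but its `volume_mount` is commented out, so the `conf.yaml` in the config map does not appear to reach the container.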


@ -311,3 +311,8 @@ module "headscale" {
# source = "./metrics_api"
# tls_secret_name = var.tls_secret_name
# }
module "dashy" {
source = "./dashy"
tls_secret_name = var.tls_secret_name
}


@ -58,10 +58,17 @@ resource "kubernetes_deployment" "technitium" {
port {
container_port = 53
}
port {
container_port = 80
}
volume_mount {
mount_path = "/etc/dns"
name = "nfs-config"
}
volume_mount {
mount_path = "/etc/tls/"
name = "tls-cert"
}
}
volume {
name = "nfs-config"
@ -70,6 +77,12 @@ resource "kubernetes_deployment" "technitium" {
server = "10.0.10.15"
}
}
volume {
name = "tls-cert"
secret {
secret_name = var.tls_secret_name
}
}
}
}
}
@ -99,6 +112,11 @@ resource "kubernetes_service" "technitium-web" {
port = "5380"
protocol = "TCP"
}
port {
name = "technitium-doh"
port = "80"
protocol = "TCP"
}
}
}
@ -167,3 +185,36 @@ resource "kubernetes_ingress_v1" "technitium" {
}
}
}
resource "kubernetes_ingress_v1" "technitium-doh" {
metadata {
name = "technitium-doh-ingress"
namespace = "technitium"
annotations = {
"kubernetes.io/ingress.class" = "nginx"
}
}
spec {
tls {
hosts = ["dns.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "dns.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "technitium-web"
port {
number = 80
}
}
}
}
}
}
}
}
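Review bot: The new `technitium-doh` ingress publishes `dns.viktorbarzin.me` with only the `kubernetes.io/ingress.class` annotation and `path = "/"`, so everything served on container port 80 is reachable from any source with no restriction or rate limit. The commit title says recursion is off for now, but nothing in these hunks enforces that; it presumably lives in the Technitium settings on the NFS volume, and if it is enabled later this becomes an open resolver. I would narrow the rule to the DoH endpoint (`path = "/dns-query"`, if that is the path Technitium serves) and add `"nginx.ingress.kubernetes.io/limit-rps"` or `"nginx.ingress.kubernetes.io/whitelist-source-range"` to the annotations. The `tls-cert` secret is also mounted at `/etc/tls/` although the ingress terminates TLS and forwards to port 80; if the pod does not read the key, dropping the mount keeps the private key out of the container. The `kubernetes_deployment` and `kubernetes_service` blocks start and end outside the hunks.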

BIN
secrets/certificate.pfx Normal file

Binary file not shown.
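Review bot: `secrets/certificate.pfx` is added as a binary file, and a PFX bundle normally carries the private key along with the certificate. Nothing on this page shows whether files under `secrets/` are encrypted before they are committed; if they are not, the key should be treated as exposed and the certificate reissued. A short note in the repository documentation stating how `secrets/` is protected would let a reviewer confirm this.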

Binary file not shown.

Binary file not shown.

Binary file not shown.