feat: Nginx | DELETE!

helm/values/nginx-internal.values.yaml

@@ -1,57 +0,0 @@
-controller:
-  replicaCount: 3
-  nodeSelector:
-    nodepool: worker
-  labels:
-    app: nginx-internal
-  topologySpreadConstraints:
-    - maxSkew: 1
-      topologyKey: kubernetes.io/hostname
-      whenUnsatisfiable: DoNotSchedule
-      labelSelector:
-        matchLabels:
-          app: nginx-internal
-  ingressClassResource:
-    name: nginx-internal
-    enabled: true
-    default: true
-    controllerValue: "k8s.io/ingress-nginx"
-    parameters: {}
-  ingressClass: nginx-internal
-  service:
-    annotations:
-      external-dns.alpha.kubernetes.io/hostname: "dogar.dev"
-  extraVolumes:
-    - name: nix-cache
-      persistentVolumeClaim:
-        claimName: nix-cache
-  extraVolumeMounts:
-    - name: nix-cache
-      mountPath: /var/cache/nginx/nix
-  podSecurityContext:
-    fsGroup: 101
-  config:
-    proxy-buffering: "on"
-    proxy-ssl-server-name: "true"
-    http-snippet: |
-      # Persistent on-disk cache; lives on the PVC
-      proxy_cache_path /var/cache/nginx/nix levels=1:2 keys_zone=cachecache:32m max_size=120g inactive=365d use_temp_path=off;
-
-      # Only advertise cacheability for 200/302
-      map $status $cache_header {
-        200     "public";
-        302     "public";
-        default "no-cache";
-      }
-    server-snippet: |
-      location = /robots.txt {
-        default_type text/plain;
-        return 200 "User-agent: GPTBot\nDisallow: /\nUser-agent: CCBot\nDisallow: /\nUser-agent: *\nAllow: /\n";
-      }
-tcp:
-  22:       "homelab/gitea-ssh:22"
-  25565:    "minecraft/monifactory-server:25565"
-  25566:    "minecraft/gtnh-server:25565"
-  25567:    "minecraft/tfg-server:25565"
-  25568:    "minecraft/atm10-server:25565"
-  25569:    "minecraft/star-technology-server:25565"

nginx/index.ts

@@ -1,36 +0,0 @@
-import * as fs from "fs";
-import { HelmProvider } from "@cdktf/provider-helm/lib/provider";
-import { Release } from "@cdktf/provider-helm/lib/release";
-import { Construct } from "constructs";
-
-import { NixCache } from "./nix-cache";
-
-type NginxOptions = {
-  provider: HelmProvider;
-  name: string;
-  namespace: string;
-};
-
-export class Nginx extends Construct {
-  constructor(scope: Construct, id: string, options: NginxOptions) {
-    super(scope, id);
-
-    new Release(this, id, {
-      ...options,
-      repository: "https://kubernetes.github.io/ingress-nginx",
-      chart: "ingress-nginx",
-      createNamespace: true,
-      values: [
-        fs.readFileSync("helm/values/nginx-internal.values.yaml", {
-          encoding: "utf8",
-        }),
-      ],
-    });
-
-    new NixCache(this, "nix-cache", {
-      namespace: options.namespace,
-      host: "nix.dogar.dev",
-      ingressClassName: "nginx-internal",
-    });
-  }
-}

nginx/nix-cache.ts

@@ -1,105 +0,0 @@
-import { Construct } from "constructs";
-import { ServiceV1 } from "@cdktf/provider-kubernetes/lib/service-v1";
-import { IngressV1 } from "@cdktf/provider-kubernetes/lib/ingress-v1";
-import { PersistentVolumeClaimV1 } from "@cdktf/provider-kubernetes/lib/persistent-volume-claim-v1";
-
-export interface NixCacheProps {
-  namespace: string;
-  host: string;
-  ingressClassName?: string;
-  externalName?: string;
-}
-
-export class NixCache extends Construct {
-  constructor(scope: Construct, id: string, props: NixCacheProps) {
-    super(scope, id);
-
-    const {
-      namespace,
-      host,
-      ingressClassName: ingressClass = "nginx-internal",
-      externalName: upstreamHost = "cache.nixos.org",
-    } = props;
-
-    // 1) ExternalName Service -> cache.nixos.org
-    new ServiceV1(this, "nixcache-upstream-svc", {
-      metadata: {
-        name: "nixcache-upstream",
-        namespace,
-      },
-      spec: {
-        type: "ExternalName",
-        externalName: upstreamHost,
-      },
-    });
-
-    // 2) Ingress that targets the ExternalName Service over HTTPS:443
-    new IngressV1(this, "nixcache-ingress", {
-      metadata: {
-        name: "nix-cache",
-        namespace,
-        annotations: {
-          // Use the cache zone defined in controller.config.http-snippet
-          "nginx.ingress.kubernetes.io/proxy-cache": "cachecache",
-          "nginx.ingress.kubernetes.io/proxy-cache-valid": "200 302 60d",
-          "nginx.ingress.kubernetes.io/proxy-cache-lock": "true",
-          "nginx.ingress.kubernetes.io/proxy-buffering": "on",
-
-          // Upstream is HTTPS with SNI and a fixed Host header
-          "nginx.ingress.kubernetes.io/backend-protocol": "HTTPS",
-          "nginx.ingress.kubernetes.io/proxy-ssl-server-name": "true",
-          "nginx.ingress.kubernetes.io/upstream-vhost": upstreamHost,
-
-          // Use cert-manager to provision TLS certs via Cloudflare
-          "cert-manager.io/cluster-issuer": "cloudflare-issuer",
-          "cert-manager.io/acme-challenge-type": "dns01",
-          "cert-manager.io/private-key-size": "4096",
-        },
-      },
-      spec: {
-        ingressClassName: ingressClass,
-        rule: [
-          {
-            host,
-            http: {
-              path: [
-                {
-                  path: "/",
-                  pathType: "Prefix",
-                  backend: {
-                    service: {
-                      name: "nixcache-upstream",
-                      port: { number: 443 },
-                    },
-                  },
-                },
-              ],
-            },
-          },
-        ],
-        tls: [
-          {
-            hosts: [host],
-            secretName: "nix-cache-tls",
-          },
-        ],
-      },
-    });
-
-    // 3) PersistentVolumeClaim for caching
-    new PersistentVolumeClaimV1(this, "nix-cache-pvc", {
-      metadata: {
-        name: "nix-cache",
-        namespace,
-      },
-      spec: {
-        accessModes: ["ReadWriteMany"],
-        resources: {
-          requests: {
-            storage: "128Gi",
-          },
-        },
-      },
-    });
-  }
-}