various things while resetting lab

2025-09-07 06:28:38 +05:00
parent 2d6c9988e0
commit a54f6df462
5 changed files with 110 additions and 10 deletions


@@ -74,10 +74,5 @@
"name": "longhorn-encryption", "name": "longhorn-encryption",
"namespace": "longhorn-system", "namespace": "longhorn-system",
"itemPath": "vaults/Lab/items/longhorn-encryption" "itemPath": "vaults/Lab/items/longhorn-encryption"
},
{
"name": "longhorn-backup",
"namespace": "longhorn-system",
"itemPath": "vaults/Lab/items/longhorn-backup"
} }
] ]

main.ts

@@ -42,6 +42,18 @@ class Homelab extends TerraformStack {
}, },
}); });
new Manifest(this, "namespace", {
provider: kubernetes,
manifest: {
kind: "Namespace",
apiVersion: "v1",
metadata: {
name: "homelab",
},
spec: {},
},
});
new Manifest(this, "core-dns", { new Manifest(this, "core-dns", {
provider: kubernetes, provider: kubernetes,
manifest: { manifest: {
@@ -128,6 +140,7 @@ class Homelab extends TerraformStack {
users: ["shahab", "budget-tracker"], users: ["shahab", "budget-tracker"],
primaryUser: "shahab", primaryUser: "shahab",
initSecretName: "postgres-password", initSecretName: "postgres-password",
backupR2EndpointURL: `https://${env.ACCOUNT_ID}.r2.cloudflarestorage.com`,
}); });
new RedisCluster(this, "redis-cluster", { new RedisCluster(this, "redis-cluster", {
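Review bot: `backupR2EndpointURL` in the second hunk interpolates `env.ACCOUNT_ID` straight into a template literal, so an unset variable produces the host `undefined.r2.cloudflarestorage.com` instead of a synth-time error, and the backup object store gets created against an endpoint that does not exist (where `env` is defined is outside the hunk). Failing fast keeps a misconfigured lab from looking healthy until the first WAL archive attempt: `const accountId = env.ACCOUNT_ID;` followed by `if (!accountId) throw new Error("ACCOUNT_ID must be set to build the R2 backup endpoint");`, then use `accountId` in place of `env.ACCOUNT_ID` in the template literal. The first hunk's Namespace manifest carries an empty `spec: {}`, which is harmless but can be dropped since a Namespace has no required spec fields. The enclosing Homelab constructor continues outside both hunks.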


@@ -24,7 +24,12 @@
content = { content = {
name = "crypted"; name = "crypted";
type = "luks"; type = "luks";
askPassword = true; passwordFile = "/tmp/secret.key";
settings = {
allowDiscards = true;
crypttabExtraOpts =
[ "fido2-device=auto" "token-timeout=10" ];
};
content = { content = {
type = "filesystem"; type = "filesystem";
format = "ext4"; format = "ext4";
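Review bot: `passwordFile = "/tmp/secret.key"` replaces the interactive prompt with a plaintext key read from a directory that is typically world-writable, and nothing in the hunk records how that file is created or removed; a comment above the line should state that it is only read during the disko format step, must be created with mode 0600, and must be deleted afterwards so the LUKS passphrase does not linger on the install medium or in a backup of it. The new `crypttabExtraOpts` with `fido2-device=auto` only unlocks the volume once a FIDO2 token has been enrolled on the LUKS header (a separate `systemd-cryptenroll` step not in this change), and `token-timeout=10` presumably falls back to the passphrase prompt after that, so a comment naming the enrollment step would help whoever rebuilds this disk next. `allowDiscards = true` trades some confidentiality (TRIM reveals which blocks are unused) for SSD health; one comment saying so keeps it from being removed later as a mistake. The enclosing disk definition starts outside the hunk.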


@@ -4,8 +4,10 @@
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
# Disko # Disko
disko.url = "github:nix-community/disko"; disko = {
disko.inputs.nixpkgs.follows = "nixpkgs"; url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = { nixpkgs, disko, ... }: let outputs = { nixpkgs, disko, ... }: let


@@ -17,6 +17,7 @@ type PostgresClusterOptions = {
initSecretName: string; initSecretName: string;
certManagerApiVersion: string; certManagerApiVersion: string;
version: string; version: string;
backupR2EndpointURL: string;
}; };
export class PostgresCluster extends Construct { export class PostgresCluster extends Construct {
@@ -34,6 +35,44 @@ export class PostgresCluster extends Construct {
namespace: options.namespace, namespace: options.namespace,
}); });
const destinationPath = "s3://homelab-backups/";
const endpointURL = options.backupR2EndpointURL;
const barmanConfiguration = {
destinationPath,
endpointURL,
s3Credentials: {
accessKeyId: {
name: "cloudflare-r2-token",
key: "access_key",
},
secretAccessKey: {
name: "cloudflare-r2-token",
key: "secret_key",
},
},
};
new Manifest(this, "r2-backup-store", {
provider: kubernetes,
manifest: {
apiVersion: "barmancloud.cnpg.io/v1",
kind: "ObjectStore",
metadata: {
namespace: options.namespace,
name: "r2-postgres-backup-store-homelab",
},
spec: {
configuration: {
...barmanConfiguration,
wal: {
compression: "gzip",
},
},
},
},
});
const { certManagerApiVersion } = options; const { certManagerApiVersion } = options;
const certNames = { const certNames = {
@@ -273,6 +312,7 @@ export class PostgresCluster extends Construct {
new Manifest(this, "postgres-cluster", { new Manifest(this, "postgres-cluster", {
provider: kubernetes, provider: kubernetes,
fieldManager: { forceConflicts: true },
manifest: { manifest: {
apiVersion: "postgresql.cnpg.io/v1", apiVersion: "postgresql.cnpg.io/v1",
kind: "Cluster", kind: "Cluster",
@@ -296,14 +336,59 @@ export class PostgresCluster extends Construct {
"hostssl sameuser all all cert", "hostssl sameuser all all cert",
], ],
}, },
plugins: [
{
name: "barman-cloud.cloudnative-pg.io",
enabled: true,
isWALArchiver: true,
parameters: {
barmanObjectName: "r2-postgres-backup-store",
},
},
],
enableSuperuserAccess: false, enableSuperuserAccess: false,
bootstrap: { bootstrap: {
initdb: { recovery: {
source: "clusterBackup",
database: "postgres", database: "postgres",
owner: options.primaryUser,
secret: { secret: {
name: options.initSecretName, name: options.initSecretName,
}, },
postInitSQL: [`CREATE USER ${options.primaryUser} SUPERUSER;`], },
},
externalClusters: [
{
name: "clusterBackup",
plugin: {
name: "barman-cloud.cloudnative-pg.io",
parameters: {
barmanObjectName: "r2-postgres-backup-store",
serverName: "postgres-cluster",
},
},
},
],
managed: {
services: {
disabledDefaultServices: ["ro", "r"],
additional: [
{
selectorType: "rw",
serviceTemplate: {
metadata: {
name: "postgres-cluster",
annotations: {
"external-dns.alpha.kubernetes.io/hostname":
"postgres.dogar.dev",
},
},
spec: {
type: "LoadBalancer",
},
},
},
],
}, },
}, },
storage: { storage: {