diff --git a/flake.lock b/flake.lock
index d1f298c..85023af 100644
--- a/flake.lock
+++ b/flake.lock
@@ -56,11 +56,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1759417375,
- "narHash": "sha256-O7eHcgkQXJNygY6AypkF9tFhsoDQjpNEojw3eFs73Ow=",
+ "lastModified": 1761236834,
+ "narHash": "sha256-+pthv6hrL5VLW2UqPdISGuLiUZ6SnAXdd2DdUE+fV2Q=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "dc704e6102e76aad573f63b74c742cd96f8f1e6c",
+ "rev": "d5faa84122bc0a1fd5d378492efce4e289f8eac1",
 "type": "github"
 },
 "original": {
diff --git a/helm/values/pihole.values.yaml b/helm/values/pihole.values.yaml
index 9ad8d77..55e016c 100644
--- a/helm/values/pihole.values.yaml
+++ b/helm/values/pihole.values.yaml
@@ -35,6 +35,7 @@ serviceWeb:
 serviceDns:
 annotations:
 metallb.universe.tf/allow-shared-ip: pihole-svc
+ mixedService: true
 type: LoadBalancer
 loadBalancerIP: 192.168.18.250
 serviceDhcp:
@@ -51,21 +52,22 @@ dnsmasq:
 - dhcp-host=B0:41:6F:0F:A0:CD,192.168.18.12,homelab-2
 hostNetwork: true
 hostname: pihole
+priviledged: true
+virtualHost: "pihole.dogar.dev"
 capabilities:
 add:
 - NET_ADMIN
 extraEnvVars:
 TZ: "Asia/Karachi"
 DNSSEC: "true"
- FTLCONF_LOCAL_IPV4: "192.168.18.250"
+ FTLCONG_dhcp_active: "true"
+ FTLCONF_dhcp_start: "192.168.18.2"
+ FTLCONF_dhcp_end: "192.168.18.100"
+ FTLCONF_dhcp_leaseTime: "24h"
+ FTLCONF_dhcp_netmask: "255.255.255.0"
+ FTLCONF_dhcp_router: "192.168.18.1"
+ FTLCONF_dns_listeningMode: "all"
 INTERFACE: "enp1s0"
- DNSMASQ_LISTENING: "single"
- DHCP_ACTIVE: "true"
- DHCP_START: "192.168.18.2"
- DHCP_END: "192.168.18.20"
- DHCP_ROUTER: "192.168.18.1"
- PIHOLE_DOMAIN: "pihole.dogar.dev"
- VIRTUAL_HOST: "pihole.dogar.dev"
 podAnnotations:
 prometheus.io/scrape: "true"
 prometheus.io/port: "9617"
diff --git a/main.ts b/main.ts
index d17d0c9..8ea94f4 100644
--- a/main.ts
+++ b/main.ts
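Review bot: Two keys added in the second pihole hunk look misspelled and will be silently accepted by Helm rather than rejected: `priviledged: true` (the chart's key is presumably `privileged`) and `FTLCONG_dhcp_active: "true"` (every other DHCP key in the same block uses the `FTLCONF_` prefix), so neither setting takes effect and in particular the DHCP server the rest of the block configures is never enabled. Rather than correcting the spelling of `priviledged`, consider dropping it: the pod already has `hostNetwork: true` and `NET_ADMIN`, which is what DHCP needs, and a privileged container gives up the remaining isolation from the node for no visible benefit. `FTLCONF_dns_listeningMode: "all"` replaces `DNSMASQ_LISTENING: "single"` and, on a host-network pod, answers queries on every interface of the node instead of only `INTERFACE`; if that widening is intended, a one-line comment saying why would help the next reader, otherwise `FTLCONF_dns_listeningMode: "single"` keeps the previous scope.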
@@ -13,10 +13,10 @@ import { AuthentikServer } from "./authentik";
 import { ValkeyCluster } from "./valkey";
 import { CertManager } from "./cert-manager";
 import { Manifest } from "@cdktf/provider-kubernetes/lib/manifest";
-import { PiHole } from "./pihole";
 import { Nginx } from "./nginx";
 import { Prometheus } from "./prometheus";
 import { MetalLB } from "./metallb";
+import { PiHole } from "./pihole";
 dotenv.config();
@@ -148,16 +148,12 @@ class Homelab extends TerraformStack {
 backupR2EndpointURL: r2Endpoint,
 });
- pg.node.addDependency(pihole);
-
 const valkey = new ValkeyCluster(this, "valkey-cluster", {
 provider: kubernetes,
 namespace,
 name: "valkey",
 });
- valkey.node.addDependency(pihole);
-
 const authentik = new AuthentikServer(this, "authentik-server", {
 provider: helm,
 name: "authentik",
diff --git a/postgres/index.ts b/postgres/index.ts
index 4d12bbd..1851de3 100644
--- a/postgres/index.ts
+++ b/postgres/index.ts
@@ -375,15 +375,24 @@ export class PostgresCluster extends Construct {
 },
 },
 ],
- enableSuperuserAccess: false,
+ enableSuperuserAccess: true,
+ // bootstrap: {
+ // recovery: {
+ // source: "clusterBackup",
+ // database: "postgres",
+ // owner: options.primaryUser,
+ // secret: {
+ // name: options.initSecretName,
+ // },
+ // },
+ // },
 bootstrap: {
- recovery: {
- source: "clusterBackup",
+ initdb: {
 database: "postgres",
- owner: options.primaryUser,
 secret: {
 name: options.initSecretName,
 },
+ postInitSQL: [`CREATE USER ${options.primaryUser} SUPERUSER;`],
 },
 },
 externalClusters: [
@@ -392,7 +401,7 @@ export class PostgresCluster extends Construct {
 plugin: {
 name: "barman-cloud.cloudnative-pg.io",
 parameters: {
- barmanObjectName: "r2-postgres-backup-store",
+ barmanObjectName: barmanStoreName,
 serverName: "postgres-cluster",
 },
 },
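Review bot: In the first postgres/index.ts hunk the application role is now created as a Postgres superuser (`postInitSQL: [\`CREATE USER ${options.primaryUser} SUPERUSER;\`]`) and `enableSuperuserAccess` is flipped to `true` at the same time, which is a least-privilege regression compared with the removed `recovery` block that only made the role the database owner. The `initdb` bootstrap accepts the same `owner` field, so `owner: options.primaryUser` inside `initdb` gives the role ownership of `postgres` with the credentials from `options.initSecretName` and no `SUPERUSER`; as written it is also unclear whether that secret is applied to the created role at all, since CNPG ties the secret to `owner`. If `postInitSQL` is kept, the identifier is interpolated unquoted, so a name containing a hyphen or mixed case breaks the statement; quote it, e.g. `CREATE USER "${options.primaryUser}";`. The commented-out `recovery` block above `bootstrap` is dead code that git history already preserves; either delete it or replace it with a one-line comment stating that the cluster is restored from `clusterBackup` by swapping the bootstrap to `recovery`.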
@@ -431,5 +440,24 @@ export class PostgresCluster extends Construct {
 },
 },
 });
+
+ new Manifest(this, "postgres-backup-job", {
+ provider: kubernetes,
+ manifest: {
+ apiVersion: "postgresql.cnpg.io/v1",
+ kind: "ScheduledBackup",
+ metadata: {
+ name: "postgres-cluster",
+ namespace: options.namespace,
+ },
+ spec: {
+ schedule: "0 0 0 * * *", // daily at midnight
+ backupOwnerReference: "self",
+ cluster: {
+ name: options.name,
+ },
+ },
+ },
+ });
 }
 }
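Review bot: The new `ScheduledBackup` spec does not say how the backup is taken: with no `method` CNPG defaults to `barmanObjectStore`, which needs `spec.backup.barmanObjectStore` on the Cluster, whereas the `externalClusters` entry earlier in this file goes through the `barman-cloud.cloudnative-pg.io` plugin. If the cluster's own backups use that plugin too (not visible in this hunk), the spec needs `method: "plugin"` and `pluginConfiguration: { name: "barman-cloud.cloudnative-pg.io" }`, otherwise the nightly run fails and nothing in this manifest will surface that. `metadata.name: "postgres-cluster"` is hard-coded while `cluster.name` is `options.name`; deriving both from `options.name` (e.g. `name: options.name`) keeps a second `PostgresCluster` instance in the same namespace from colliding on the backup object. The six-field cron string is the form CNPG expects (seconds first), so the `// daily at midnight` comment is accurate.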