fix lab
This commit is contained in:
6
flake.lock
generated
6
flake.lock
generated
@@ -56,11 +56,11 @@
|
|||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1759417375,
|
"lastModified": 1761236834,
|
||||||
"narHash": "sha256-O7eHcgkQXJNygY6AypkF9tFhsoDQjpNEojw3eFs73Ow=",
|
"narHash": "sha256-+pthv6hrL5VLW2UqPdISGuLiUZ6SnAXdd2DdUE+fV2Q=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "dc704e6102e76aad573f63b74c742cd96f8f1e6c",
|
"rev": "d5faa84122bc0a1fd5d378492efce4e289f8eac1",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|||||||
@@ -35,6 +35,7 @@ serviceWeb:
|
|||||||
serviceDns:
|
serviceDns:
|
||||||
annotations:
|
annotations:
|
||||||
metallb.universe.tf/allow-shared-ip: pihole-svc
|
metallb.universe.tf/allow-shared-ip: pihole-svc
|
||||||
|
mixedService: true
|
||||||
type: LoadBalancer
|
type: LoadBalancer
|
||||||
loadBalancerIP: 192.168.18.250
|
loadBalancerIP: 192.168.18.250
|
||||||
serviceDhcp:
|
serviceDhcp:
|
||||||
@@ -51,21 +52,22 @@ dnsmasq:
|
|||||||
- dhcp-host=B0:41:6F:0F:A0:CD,192.168.18.12,homelab-2
|
- dhcp-host=B0:41:6F:0F:A0:CD,192.168.18.12,homelab-2
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
hostname: pihole
|
hostname: pihole
|
||||||
|
priviledged: true
|
||||||
|
virtualHost: "pihole.dogar.dev"
|
||||||
capabilities:
|
capabilities:
|
||||||
add:
|
add:
|
||||||
- NET_ADMIN
|
- NET_ADMIN
|
||||||
extraEnvVars:
|
extraEnvVars:
|
||||||
TZ: "Asia/Karachi"
|
TZ: "Asia/Karachi"
|
||||||
DNSSEC: "true"
|
DNSSEC: "true"
|
||||||
FTLCONF_LOCAL_IPV4: "192.168.18.250"
|
FTLCONG_dhcp_active: "true"
|
||||||
|
FTLCONF_dhcp_start: "192.168.18.2"
|
||||||
|
FTLCONF_dhcp_end: "192.168.18.100"
|
||||||
|
FTLCONF_dhcp_leaseTime: "24h"
|
||||||
|
FTLCONF_dhcp_netmask: "255.255.255.0"
|
||||||
|
FTLCONF_dhcp_router: "192.168.18.1"
|
||||||
|
FTLCONF_dns_listeningMode: "all"
|
||||||
INTERFACE: "enp1s0"
|
INTERFACE: "enp1s0"
|
||||||
DNSMASQ_LISTENING: "single"
|
|
||||||
DHCP_ACTIVE: "true"
|
|
||||||
DHCP_START: "192.168.18.2"
|
|
||||||
DHCP_END: "192.168.18.20"
|
|
||||||
DHCP_ROUTER: "192.168.18.1"
|
|
||||||
PIHOLE_DOMAIN: "pihole.dogar.dev"
|
|
||||||
VIRTUAL_HOST: "pihole.dogar.dev"
|
|
||||||
podAnnotations:
|
podAnnotations:
|
||||||
prometheus.io/scrape: "true"
|
prometheus.io/scrape: "true"
|
||||||
prometheus.io/port: "9617"
|
prometheus.io/port: "9617"
|
||||||
|
|||||||
6
main.ts
6
main.ts
@@ -13,10 +13,10 @@ import { AuthentikServer } from "./authentik";
|
|||||||
import { ValkeyCluster } from "./valkey";
|
import { ValkeyCluster } from "./valkey";
|
||||||
import { CertManager } from "./cert-manager";
|
import { CertManager } from "./cert-manager";
|
||||||
import { Manifest } from "@cdktf/provider-kubernetes/lib/manifest";
|
import { Manifest } from "@cdktf/provider-kubernetes/lib/manifest";
|
||||||
import { PiHole } from "./pihole";
|
|
||||||
import { Nginx } from "./nginx";
|
import { Nginx } from "./nginx";
|
||||||
import { Prometheus } from "./prometheus";
|
import { Prometheus } from "./prometheus";
|
||||||
import { MetalLB } from "./metallb";
|
import { MetalLB } from "./metallb";
|
||||||
|
import { PiHole } from "./pihole";
|
||||||
|
|
||||||
dotenv.config();
|
dotenv.config();
|
||||||
|
|
||||||
@@ -148,16 +148,12 @@ class Homelab extends TerraformStack {
|
|||||||
backupR2EndpointURL: r2Endpoint,
|
backupR2EndpointURL: r2Endpoint,
|
||||||
});
|
});
|
||||||
|
|
||||||
pg.node.addDependency(pihole);
|
|
||||||
|
|
||||||
const valkey = new ValkeyCluster(this, "valkey-cluster", {
|
const valkey = new ValkeyCluster(this, "valkey-cluster", {
|
||||||
provider: kubernetes,
|
provider: kubernetes,
|
||||||
namespace,
|
namespace,
|
||||||
name: "valkey",
|
name: "valkey",
|
||||||
});
|
});
|
||||||
|
|
||||||
valkey.node.addDependency(pihole);
|
|
||||||
|
|
||||||
const authentik = new AuthentikServer(this, "authentik-server", {
|
const authentik = new AuthentikServer(this, "authentik-server", {
|
||||||
provider: helm,
|
provider: helm,
|
||||||
name: "authentik",
|
name: "authentik",
|
||||||
|
|||||||
@@ -375,15 +375,24 @@ export class PostgresCluster extends Construct {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
],
|
],
|
||||||
enableSuperuserAccess: false,
|
enableSuperuserAccess: true,
|
||||||
|
// bootstrap: {
|
||||||
|
// recovery: {
|
||||||
|
// source: "clusterBackup",
|
||||||
|
// database: "postgres",
|
||||||
|
// owner: options.primaryUser,
|
||||||
|
// secret: {
|
||||||
|
// name: options.initSecretName,
|
||||||
|
// },
|
||||||
|
// },
|
||||||
|
// },
|
||||||
bootstrap: {
|
bootstrap: {
|
||||||
recovery: {
|
initdb: {
|
||||||
source: "clusterBackup",
|
|
||||||
database: "postgres",
|
database: "postgres",
|
||||||
owner: options.primaryUser,
|
|
||||||
secret: {
|
secret: {
|
||||||
name: options.initSecretName,
|
name: options.initSecretName,
|
||||||
},
|
},
|
||||||
|
postInitSQL: [`CREATE USER ${options.primaryUser} SUPERUSER;`],
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
externalClusters: [
|
externalClusters: [
|
||||||
@@ -392,7 +401,7 @@ export class PostgresCluster extends Construct {
|
|||||||
plugin: {
|
plugin: {
|
||||||
name: "barman-cloud.cloudnative-pg.io",
|
name: "barman-cloud.cloudnative-pg.io",
|
||||||
parameters: {
|
parameters: {
|
||||||
barmanObjectName: "r2-postgres-backup-store",
|
barmanObjectName: barmanStoreName,
|
||||||
serverName: "postgres-cluster",
|
serverName: "postgres-cluster",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
@@ -431,5 +440,24 @@ export class PostgresCluster extends Construct {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
});
|
});
|
||||||
|
|
||||||
|
new Manifest(this, "postgres-backup-job", {
|
||||||
|
provider: kubernetes,
|
||||||
|
manifest: {
|
||||||
|
apiVersion: "postgresql.cnpg.io/v1",
|
||||||
|
kind: "ScheduledBackup",
|
||||||
|
metadata: {
|
||||||
|
name: "postgres-cluster",
|
||||||
|
namespace: options.namespace,
|
||||||
|
},
|
||||||
|
spec: {
|
||||||
|
schedule: "0 0 0 * * *", // daily at midnight
|
||||||
|
backupOwnerReference: "self",
|
||||||
|
cluster: {
|
||||||
|
name: options.name,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
});
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user