

3 Commits

6 changed files with 35 additions and 132 deletions


@@ -19,6 +19,12 @@
"name": "cloudflare-token", "name": "cloudflare-token",
"itemPath": "vaults/Lab/items/cloudflare" "itemPath": "vaults/Lab/items/cloudflare"
}, },
{
"id": "cloudflare-token-longhorn",
"name": "cloudflare-token",
"itemPath": "vaults/Lab/items/cloudflare",
"namespace": "longhorn-system"
},
{ {
"name": "valkey", "name": "valkey",
"itemPath": "vaults/Lab/items/valkey" "itemPath": "vaults/Lab/items/valkey"
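Review bot: The new `cloudflare-token-longhorn` entry materialises the same 1Password item (`vaults/Lab/items/cloudflare`) as a second Kubernetes secret in `longhorn-system`, so the Cloudflare credential is now readable by anything with secret access in two namespaces rather than one. Nothing else in this change shows Longhorn consuming that token, so it is worth confirming it is needed at all; if it is, a separately issued token scoped only to what Longhorn uses would limit the blast radius of a compromise in that namespace. Since this file has no comment syntax, record which Longhorn feature reads the secret in the repository README or the commit description so the duplication stays deliberate.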


@@ -5,7 +5,7 @@ metadata:
name: cloudflare-domains-config name: cloudflare-domains-config
namespace: homelab namespace: homelab
data: data:
DOMAINS: "auth.dogar.dev,grafana.dogar.dev" DOMAINS: "auth.dogar.dev"
PROXIED: "true" PROXIED: "true"
--- ---
apiVersion: v1 apiVersion: v1
@@ -14,7 +14,7 @@ metadata:
name: cloudflare-domains-config-non-proxied name: cloudflare-domains-config-non-proxied
namespace: homelab namespace: homelab
data: data:
DOMAINS: "dogar.dev,git.dogar.dev" DOMAINS: "dogar.dev,git.dogar.dev,nix.dogar.dev"
PROXIED: "false" PROXIED: "false"
--- ---
apiVersion: apps/v1 apiVersion: apps/v1
@@ -32,6 +32,8 @@ spec:
labels: labels:
app: cloudflare-ddns app: cloudflare-ddns
spec: spec:
nodeSelector:
nodepool: worker
containers: containers:
- name: cloudflare-ddns - name: cloudflare-ddns
image: favonia/cloudflare-ddns:latest image: favonia/cloudflare-ddns:latest
@@ -66,6 +68,8 @@ spec:
labels: labels:
app: cloudflare-ddns app: cloudflare-ddns
spec: spec:
nodeSelector:
nodepool: worker
containers: containers:
- name: cloudflare-ddns-non-proxied - name: cloudflare-ddns-non-proxied
image: favonia/cloudflare-ddns:latest image: favonia/cloudflare-ddns:latest
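Review bot: Dropping `grafana.dogar.dev` from the proxied `DOMAINS` list in the first hunk does not by itself remove the record already created in Cloudflare; whether favonia/cloudflare-ddns deletes records it no longer manages depends on its settings, which are not visible here, so confirm the record is gone rather than left pointing at an address the tool no longer updates. Adding `nix.dogar.dev` to the non-proxied ConfigMap publishes the origin address directly for that name, which is expected for a non-proxied record but worth stating next to `PROXIED: "false"`, e.g. `# non-proxied records expose the origin address; only add names that must bypass Cloudflare`, so the split between the two ConfigMaps stays deliberate. Both Deployments still run `favonia/cloudflare-ddns:latest`, so the pods the new `nodeSelector` schedules pull whatever that tag resolves to at restart; pinning a version or digest is outside this change but worth a follow-up.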


@@ -3,31 +3,18 @@ import { HelmProvider } from "@cdktf/provider-helm/lib/provider";
import { Release } from "@cdktf/provider-helm/lib/release"; import { Release } from "@cdktf/provider-helm/lib/release";
import { Construct } from "constructs"; import { Construct } from "constructs";
type PiHoleOptions = { type ExternalDNSOptions = {
provider: HelmProvider; provider: HelmProvider;
name: string; name: string;
namespace: string; namespace: string;
}; };
export class PiHole extends Construct { export class ExternalDNS extends Construct {
constructor(scope: Construct, id: string, options: PiHoleOptions) { constructor(scope: Construct, id: string, options: ExternalDNSOptions) {
super(scope, id); super(scope, id);
new Release(this, id, {
...options,
repository: "https://mojo2600.github.io/pihole-kubernetes",
chart: "pihole",
values: [
fs.readFileSync("helm/values/pihole.values.yaml", {
encoding: "utf8",
}),
],
});
new Release(this, "external-dns", { new Release(this, "external-dns", {
provider: options.provider, ...options,
name: "externaldns-pihole",
namespace: options.namespace,
repository: "oci://registry-1.docker.io/bitnamicharts/", repository: "oci://registry-1.docker.io/bitnamicharts/",
chart: "external-dns", chart: "external-dns",
values: [ values: [
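Review bot: `ExternalDNS` and `ExternalDNSOptions` carry no TSDoc, and the constructor now forwards every field of `options` into the `Release` via `...options`, so any field later added to `ExternalDNSOptions` silently becomes a Helm release argument; the previous explicit `provider: options.provider` / `namespace: options.namespace` form made that contract visible. Either keep the spread and document it on the type, e.g. `/** Helm provider, release name and target namespace; every field is passed straight to the external-dns Release. */`, or list the three fields explicitly in the `Release` call. Exporting the type (`export type ExternalDNSOptions`) would also let callers such as main.ts name it. The constructor body continues past the end of the hunk.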


@@ -1,15 +1,25 @@
global:
security:
allowInsecureImages: true # needed for ghcr.io images
image:
registry: docker.io
repository: bitnamilegacy/external-dns
tag: 0.18.0-debian-12-r1
pullPolicy: IfNotPresent
interval: 10s interval: 10s
provider: pihole provider: pihole
policy: upsert-only policy: upsert-only
txtOwnerId: "homelab" txtOwnerId: "homelab"
pihole: pihole:
server: http://pihole-web server: http://rashid
nodeSelector:
nodepool: worker
extraEnvVars: extraEnvVars:
- name: EXTERNAL_DNS_PIHOLE_PASSWORD - name: EXTERNAL_DNS_PIHOLE_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: pihole-admin name: pihole-admin
key: password key: app-password
extraArgs: extraArgs:
pihole-api-version: 6 pihole-api-version: 6
serviceAccount: serviceAccount:
@@ -18,7 +28,7 @@ serviceAccount:
ingressClassFilters: ingressClassFilters:
- nginx-internal - nginx-internal
metrics: metrics:
enabled: true enabled: false
serviceMonitor: serviceMonitor:
enabled: true enabled: true
interval: 30s interval: 30s
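Review bot: `pihole.server: http://rashid` points external-dns at a plain-HTTP endpoint which, with the in-cluster Pi-hole release removed in this same change, appears to sit outside the cluster, so the Pi-hole app password injected via `EXTERNAL_DNS_PIHOLE_PASSWORD` now crosses the network unencrypted on every sync; if `rashid` can terminate TLS, use `https://` here, otherwise add a comment stating why cleartext is acceptable on that segment. The comment on `allowInsecureImages: true` says `# needed for ghcr.io images`, but the image configured directly below is `docker.io/bitnamilegacy/external-dns`, so it no longer explains the flag; it should say what is actually being bypassed, e.g. `# Bitnami chart rejects non-bitnami image repositories; bitnamilegacy is not on its allow-list`. As far as I know `bitnamilegacy` is Bitnami's frozen archive that no longer receives rebuilds, so the pinned `0.18.0-debian-12-r1` image should be tracked as unmaintained and scheduled for replacement. In the second hunk `metrics.enabled` becomes `false` while `serviceMonitor.enabled` stays `true`, which presumably leaves a ServiceMonitor selecting a metrics endpoint the chart no longer exposes; either disable the ServiceMonitor too or keep metrics on.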


@@ -1,84 +0,0 @@
---
DNS1:
1.1.1.1
DNS2:
1.0.0.1
admin:
enabled: true
existingSecret: pihole-admin
passwordKey: password
persistentVolumeClaim:
enabled: true
storageClass: longhorn
size: 10Gi
accessModes:
- ReadWriteMany
ingress:
enabled: true
ingressClassName: nginx-internal
annotations:
cert-manager.io/cluster-issuer: cloudflare-issuer
cert-manager.io/acme-challenge-type: dns01
cert-manager.io/private-key-size: "4096"
hosts:
- pihole.dogar.dev
tls:
- secretName: pihole-tls
hosts:
- pihole.dogar.dev
serviceWeb:
annotations:
metallb.universe.tf/allow-shared-ip: pihole-svc
type: ClusterIP
https:
enabled: false
serviceDns:
annotations:
metallb.universe.tf/allow-shared-ip: pihole-svc
mixedService: true
type: LoadBalancer
loadBalancerIP: 192.168.18.250
serviceDhcp:
enabled: false
probes:
liveness:
enabled: false
readiness:
enabled: false
dnsmasq:
staticDhcpEntries:
- dhcp-host=B0:41:6F:0F:A8:D3,192.168.18.10,homelab-0
- dhcp-host=B0:41:6F:0F:AE:89,192.168.18.11,homelab-1
- dhcp-host=B0:41:6F:0F:A0:CD,192.168.18.12,homelab-2
hostNetwork: true
hostname: pihole
priviledged: true
virtualHost: "pihole.dogar.dev"
capabilities:
add:
- NET_ADMIN
extraEnvVars:
TZ: "Asia/Karachi"
DNSSEC: "true"
FTLCONG_dhcp_active: "true"
FTLCONF_dhcp_start: "192.168.18.2"
FTLCONF_dhcp_end: "192.168.18.100"
FTLCONF_dhcp_leaseTime: "24h"
FTLCONF_dhcp_netmask: "255.255.255.0"
FTLCONF_dhcp_router: "192.168.18.1"
FTLCONF_dns_listeningMode: "all"
INTERFACE: "enp1s0"
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9617"
monitoring:
sidecar:
enabled: true
port: 9617
image:
repository: ekofr/pihole-exporter
tag: v0.3.0
pullPolicy: IfNotPresent
resources:
limits:
memory: 128Mi

32
main.ts

@@ -16,7 +16,7 @@ import { Manifest } from "@cdktf/provider-kubernetes/lib/manifest";
import { Nginx } from "./nginx"; import { Nginx } from "./nginx";
import { Prometheus } from "./prometheus"; import { Prometheus } from "./prometheus";
import { MetalLB } from "./metallb"; import { MetalLB } from "./metallb";
import { PiHole } from "./pihole"; import { ExternalDNS } from "./external-dns";
dotenv.config(); dotenv.config();
@@ -57,26 +57,7 @@ class Homelab extends TerraformStack {
}, },
}); });
new Manifest(this, "core-dns", { new Longhorn(this, "longhorn", {
provider: kubernetes,
manifest: {
kind: "ConfigMap",
apiVersion: "v1",
metadata: {
name: "coredns-custom",
namespace: "kube-system",
},
data: {
"forward.override": `forward . /etc/resolv.conf {
policy sequential
}
`,
},
},
});
const longhorn = new Longhorn(this, "longhorn", {
namespace,
name: "longhorn", name: "longhorn",
providers: { providers: {
kubernetes, kubernetes,
@@ -116,15 +97,14 @@ class Homelab extends TerraformStack {
}, },
}); });
const pihole = new PiHole(this, "pihole", { const externalDNS = new ExternalDNS(this, "external-dns", {
namespace, namespace,
provider: helm, provider: helm,
name: "pihole", name: "external-dns",
}); });
pihole.node.addDependency(longhorn); externalDNS.node.addDependency(nginx);
pihole.node.addDependency(nginx); externalDNS.node.addDependency(cm);
pihole.node.addDependency(cm);
new Prometheus(this, "prometheus", { new Prometheus(this, "prometheus", {
provider: helm, provider: helm,
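Review bot: Removing the `coredns-custom` ConfigMap in the second hunk changes how cluster DNS forwards upstream (the dropped override forced `policy sequential` toward `/etc/resolv.conf`), and with the in-cluster Pi-hole also gone in this change, where cluster DNS is now served from is left implicit; a one-line comment near the `new Longhorn(...)` call, e.g. `// CoreDNS uses its default forwarding; Pi-hole now runs outside the cluster`, would keep that decision discoverable. In the third hunk `externalDNS.node.addDependency(cm)` is retained while the dependency on `longhorn` is dropped; if external-dns still needs `cm` (cert-manager, presumably) a comment stating why would help, and if not the line can go. The `Homelab` class begins and ends outside the hunk.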