Compare commits
10 Commits
fba7ac98b7
...
b83f9521b0
| Author | SHA1 | Date | |
|---|---|---|---|
|
b83f9521b0
|
|||
|
5438278058
|
|||
|
0696f199cd
|
|||
|
7c0edd8fd4
|
|||
|
fd5259988e
|
|||
|
1c9b31076c
|
|||
|
ba5494becb
|
|||
|
ea384e285e
|
|||
|
1a2a24e965
|
|||
|
e830694d8b
|
6
flake.lock
generated
6
flake.lock
generated
@@ -56,11 +56,11 @@
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1759417375,
|
||||
"narHash": "sha256-O7eHcgkQXJNygY6AypkF9tFhsoDQjpNEojw3eFs73Ow=",
|
||||
"lastModified": 1761236834,
|
||||
"narHash": "sha256-+pthv6hrL5VLW2UqPdISGuLiUZ6SnAXdd2DdUE+fV2Q=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "dc704e6102e76aad573f63b74c742cd96f8f1e6c",
|
||||
"rev": "d5faa84122bc0a1fd5d378492efce4e289f8eac1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
||||
@@ -31,7 +31,6 @@
|
||||
devShell = pkgs.mkShell {
|
||||
buildInputs = with pkgs; [
|
||||
kubernetes-helm
|
||||
kubectl
|
||||
(kubectl.withKrewPlugins (plugins: with plugins; [
|
||||
cnpg
|
||||
]))
|
||||
|
||||
@@ -43,11 +43,7 @@ spec:
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: DOCKER_HOST
|
||||
value: tcp://localhost:2376
|
||||
- name: DOCKER_CERT_PATH
|
||||
value: /certs/client
|
||||
- name: DOCKER_TLS_VERIFY
|
||||
value: "1"
|
||||
value: unix:///run/user/1000/docker.sock
|
||||
- name: GITEA_INSTANCE_URL
|
||||
value: https://git.dogar.dev
|
||||
- name: GITEA_RUNNER_REGISTRATION_TOKEN
|
||||
|
||||
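Review bot: Pointing DOCKER_HOST at `unix:///run/user/1000/docker.sock` means every job this runner executes talks directly to a host Docker daemon over a mounted socket, and the TLS client verification that the removed DOCKER_TLS_VERIFY/DOCKER_CERT_PATH pair provided no longer applies; whoever can run a job on this runner effectively controls that daemon. The path suggests the host's rootless daemon for uid 1000, which limits the blast radius to that account rather than root, but the daemon is still shared by all jobs. A comment on the env entry should make that trade-off explicit, e.g. `# host rootless dockerd (uid 1000): shared by every job, so only trusted repositories should be allowed to use this runner`, and the runner's registration/labels should be scoped accordingly. The container spec, including the volume that mounts the socket, lies outside the hunk, and the side of each line is inferred from the 11→7 counts since the rendered page lost the markers.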
@@ -10,6 +10,8 @@ extraEnvVars:
|
||||
secretKeyRef:
|
||||
name: pihole-admin
|
||||
key: password
|
||||
extraArgs:
|
||||
pihole-api-version: 6
|
||||
serviceAccount:
|
||||
create: true
|
||||
name: "external-dns"
|
||||
|
||||
@@ -108,6 +108,13 @@ deployment:
|
||||
value: /opt/gitea/.postgresql/postgresql.crt
|
||||
- name: PGSSLKEY
|
||||
value: /opt/gitea/.postgresql/postgresql.key
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 128Mi
|
||||
limits:
|
||||
cpu: 6
|
||||
memory: 6Gi
|
||||
extraVolumes:
|
||||
- name: ssl-bundle
|
||||
projected:
|
||||
|
||||
@@ -9,9 +9,10 @@ admin:
|
||||
passwordKey: password
|
||||
persistentVolumeClaim:
|
||||
enabled: true
|
||||
storageClass: longhorn-crypto
|
||||
storageClass: longhorn
|
||||
size: 10Gi
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
- ReadWriteMany
|
||||
ingress:
|
||||
enabled: true
|
||||
ingressClassName: nginx-internal
|
||||
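Review bot: The PVC's storageClass moves from `longhorn-crypto` to `longhorn`; if the `-crypto` class is the encrypted-volume class its name suggests, Pi-hole's persisted data (query history, DHCP leases, gravity database) stops being encrypted at rest. If that is deliberate, a comment on the line stating the reason keeps the next reader from reverting it, e.g. `storageClass: longhorn  # moved off longhorn-crypto: <reason>`. Which of the two storageClass lines is the new one is inferred from the hunk counts, since the rendered page has lost the +/- markers.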
@@ -34,6 +35,7 @@ serviceWeb:
|
||||
serviceDns:
|
||||
annotations:
|
||||
metallb.universe.tf/allow-shared-ip: pihole-svc
|
||||
mixedService: true
|
||||
type: LoadBalancer
|
||||
loadBalancerIP: 192.168.18.250
|
||||
serviceDhcp:
|
||||
@@ -50,21 +52,22 @@ dnsmasq:
|
||||
- dhcp-host=B0:41:6F:0F:A0:CD,192.168.18.12,homelab-2
|
||||
hostNetwork: true
|
||||
hostname: pihole
|
||||
priviledged: true
|
||||
virtualHost: "pihole.dogar.dev"
|
||||
capabilities:
|
||||
add:
|
||||
- NET_ADMIN
|
||||
extraEnvVars:
|
||||
TZ: "Asia/Karachi"
|
||||
DNSSEC: "true"
|
||||
FTLCONF_LOCAL_IPV4: "192.168.18.250"
|
||||
FTLCONG_dhcp_active: "true"
|
||||
FTLCONF_dhcp_start: "192.168.18.2"
|
||||
FTLCONF_dhcp_end: "192.168.18.100"
|
||||
FTLCONF_dhcp_leaseTime: "24h"
|
||||
FTLCONF_dhcp_netmask: "255.255.255.0"
|
||||
FTLCONF_dhcp_router: "192.168.18.1"
|
||||
FTLCONF_dns_listeningMode: "all"
|
||||
INTERFACE: "enp1s0"
|
||||
DNSMASQ_LISTENING: "single"
|
||||
DHCP_ACTIVE: "true"
|
||||
DHCP_START: "192.168.18.2"
|
||||
DHCP_END: "192.168.18.20"
|
||||
DHCP_ROUTER: "192.168.18.1"
|
||||
PIHOLE_DOMAIN: "pihole.dogar.dev"
|
||||
VIRTUAL_HOST: "pihole.dogar.dev"
|
||||
podAnnotations:
|
||||
prometheus.io/scrape: "true"
|
||||
prometheus.io/port: "9617"
|
||||
|
||||
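Review bot: `FTLCONG_dhcp_active: "true"` is misspelled (`FTLCONG` instead of `FTLCONF`), so Pi-hole ignores it and DHCP stays disabled while the other FTLCONF_dhcp_* values are applied; it should read `FTLCONF_dhcp_active: "true"`. `priviledged: true` has the same flavour of problem — the chart key is `privileged`, so the line is silently dropped (if NET_ADMIN via `capabilities.add` is sufficient, delete the line rather than fix it). Separately, `FTLCONF_dns_listeningMode: "all"` replaces the previous `DNSMASQ_LISTENING: "single"` on a `hostNetwork: true` pod, so FTL now answers DNS on every host interface instead of only `enp1s0`; unless more than one interface genuinely needs service, `"single"` or `"local"` is the safer value, since any host interface reachable from outside the 192.168.18.0/24 LAN would otherwise make this an open resolver. Whether `privileged` is context or part of this change cannot be told from the rendered page.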
6
main.ts
6
main.ts
@@ -13,10 +13,10 @@ import { AuthentikServer } from "./authentik";
|
||||
import { ValkeyCluster } from "./valkey";
|
||||
import { CertManager } from "./cert-manager";
|
||||
import { Manifest } from "@cdktf/provider-kubernetes/lib/manifest";
|
||||
import { PiHole } from "./pihole";
|
||||
import { Nginx } from "./nginx";
|
||||
import { Prometheus } from "./prometheus";
|
||||
import { MetalLB } from "./metallb";
|
||||
import { PiHole } from "./pihole";
|
||||
|
||||
dotenv.config();
|
||||
|
||||
@@ -148,16 +148,12 @@ class Homelab extends TerraformStack {
|
||||
backupR2EndpointURL: r2Endpoint,
|
||||
});
|
||||
|
||||
pg.node.addDependency(pihole);
|
||||
|
||||
const valkey = new ValkeyCluster(this, "valkey-cluster", {
|
||||
provider: kubernetes,
|
||||
namespace,
|
||||
name: "valkey",
|
||||
});
|
||||
|
||||
valkey.node.addDependency(pihole);
|
||||
|
||||
const authentik = new AuthentikServer(this, "authentik-server", {
|
||||
provider: helm,
|
||||
name: "authentik",
|
||||
|
||||
@@ -17,7 +17,6 @@ export class PiHole extends Construct {
|
||||
...options,
|
||||
repository: "https://mojo2600.github.io/pihole-kubernetes",
|
||||
chart: "pihole",
|
||||
version: "2.26.1",
|
||||
values: [
|
||||
fs.readFileSync("helm/values/pihole.values.yaml", {
|
||||
encoding: "utf8",
|
||||
|
||||
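Review bot: If the line dropped in this hunk is the chart pin `version: "2.26.1"` (the rendered page has lost the markers; the 7→6 count says exactly one line went), the Helm release now resolves to whatever the repository's latest chart is at apply time, so plans stop being reproducible and a chart upgrade lands without review. Keep an explicit `version` and bump it deliberately, or if floating is intended, record that on the chart line: `// version intentionally unpinned: tracks the latest published chart`. The enclosing constructor starts and ends outside the hunk.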
@@ -330,6 +330,36 @@ export class PostgresCluster extends Construct {
|
||||
replicationTLSSecret: certNames.client,
|
||||
},
|
||||
postgresql: {
|
||||
parameters: {
|
||||
archive_mode: "on",
|
||||
archive_timeout: "5min",
|
||||
checkpoint_timeout: "10min",
|
||||
checkpoint_completion_target: "0.7",
|
||||
dynamic_shared_memory_type: "posix",
|
||||
full_page_writes: "on",
|
||||
log_destination: "csvlog",
|
||||
log_directory: "/controller/log",
|
||||
log_filename: "postgres",
|
||||
log_rotation_age: "0",
|
||||
log_rotation_size: "0",
|
||||
log_truncate_on_rotation: "false",
|
||||
logging_collector: "on",
|
||||
max_parallel_workers: "32",
|
||||
max_replication_slots: "32",
|
||||
max_wal_size: "768MB",
|
||||
max_worker_processes: "32",
|
||||
max_slot_wal_keep_size: "256MB",
|
||||
min_wal_size: "128MB",
|
||||
shared_memory_type: "mmap",
|
||||
shared_preload_libraries: "",
|
||||
ssl_max_protocol_version: "TLSv1.3",
|
||||
ssl_min_protocol_version: "TLSv1.3",
|
||||
wal_keep_size: "128MB",
|
||||
wal_level: "logical",
|
||||
wal_log_hints: "on",
|
||||
wal_receiver_timeout: "5s",
|
||||
wal_sender_timeout: "5s",
|
||||
},
|
||||
pg_hba: [
|
||||
`hostssl all ${options.primaryUser} all cert`,
|
||||
"hostssl sameuser all all cert",
|
||||
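Review bot: Much of this parameters block (archive_mode, full_page_writes, log_destination, log_directory, log_filename, log_rotation_*, log_truncate_on_rotation, logging_collector, wal_level, wal_log_hints, wal_sender_timeout, wal_receiver_timeout, shared_preload_libraries) reproduces values the CloudNativePG operator manages itself; if I recall the operator's fixed-parameter list correctly, its admission webhook rejects a Cluster that sets those, and at best they are dead weight — confirm against the operator version in use and keep only the deliberately tuned values (checkpoint_*, min/max_wal_size, wal_keep_size, max_slot_wal_keep_size, worker counts, ssl_min/max_protocol_version). `ssl_min_protocol_version: "TLSv1.3"` is a sound choice and pairs with the `cert` pg_hba rules below it. A one-line comment would tell the next reader the block is intentional tuning rather than a dump of effective settings, e.g. `// only non-default tuning; logging, archive and wal_level are operator-managed`. The object literal continues outside the hunk on both sides.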
@@ -345,15 +375,24 @@ export class PostgresCluster extends Construct {
|
||||
},
|
||||
},
|
||||
],
|
||||
enableSuperuserAccess: false,
|
||||
enableSuperuserAccess: true,
|
||||
// bootstrap: {
|
||||
// recovery: {
|
||||
// source: "clusterBackup",
|
||||
// database: "postgres",
|
||||
// owner: options.primaryUser,
|
||||
// secret: {
|
||||
// name: options.initSecretName,
|
||||
// },
|
||||
// },
|
||||
// },
|
||||
bootstrap: {
|
||||
recovery: {
|
||||
source: "clusterBackup",
|
||||
initdb: {
|
||||
database: "postgres",
|
||||
owner: options.primaryUser,
|
||||
secret: {
|
||||
name: options.initSecretName,
|
||||
},
|
||||
postInitSQL: [`CREATE USER ${options.primaryUser} SUPERUSER;`],
|
||||
},
|
||||
},
|
||||
externalClusters: [
|
||||
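Review bot: `postInitSQL: [\`CREATE USER ${options.primaryUser} SUPERUSER;\`]` together with `enableSuperuserAccess: true` makes the application role — the same one pg_hba admits with `hostssl all ${options.primaryUser} all cert` — a full superuser, so any holder of that client certificate has unrestricted access to every database and to the host-level features superuser unlocks; this reverses what the previous `enableSuperuserAccess: false` protected. If a task genuinely needs superuser, grant it to a separate short-lived role or run it in a dedicated post-init step rather than on the long-lived app user, and return `enableSuperuserAccess` to `false` afterwards. Note also that `initdb.owner` already creates `${options.primaryUser}` during bootstrap, so `CREATE USER` may fail with "role already exists" depending on when the operator runs postInitSQL; `ALTER ROLE ${options.primaryUser} SUPERUSER;` is the robust form if the grant is kept. The commented-out `recovery` block above is dead code and should be removed; the enclosing Cluster manifest continues outside the hunk.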
@@ -362,7 +401,7 @@ export class PostgresCluster extends Construct {
|
||||
plugin: {
|
||||
name: "barman-cloud.cloudnative-pg.io",
|
||||
parameters: {
|
||||
barmanObjectName: "r2-postgres-backup-store",
|
||||
barmanObjectName: barmanStoreName,
|
||||
serverName: "postgres-cluster",
|
||||
},
|
||||
},
|
||||
@@ -401,5 +440,24 @@ export class PostgresCluster extends Construct {
|
||||
},
|
||||
},
|
||||
});
|
||||
|
||||
new Manifest(this, "postgres-backup-job", {
|
||||
provider: kubernetes,
|
||||
manifest: {
|
||||
apiVersion: "postgresql.cnpg.io/v1",
|
||||
kind: "ScheduledBackup",
|
||||
metadata: {
|
||||
name: "postgres-cluster",
|
||||
namespace: options.namespace,
|
||||
},
|
||||
spec: {
|
||||
schedule: "0 0 0 * * *", // daily at midnight
|
||||
backupOwnerReference: "self",
|
||||
cluster: {
|
||||
name: options.name,
|
||||
},
|
||||
},
|
||||
},
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
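Review bot: The ScheduledBackup sets no `method`, so it uses the default object-store method, while this Cluster's backups are wired through the barman-cloud plugin (`plugin: { name: "barman-cloud.cloudnative-pg.io" }` in the earlier hunk); if the Cluster has no `barmanObjectStore` section — none is visible in these hunks — the scheduled backups will fail instead of using the plugin. Add `method: "plugin",` and `pluginConfiguration: { name: "barman-cloud.cloudnative-pg.io" },` under `spec`, and `immediate: true` if a first backup should run on creation. The resource name is hard-coded to `"postgres-cluster"` while `cluster.name` uses `options.name`; using `options.name` for both keeps a second cluster from colliding. The constructor starts outside the hunk, and the class closes at this hunk's final `}`.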