feat: NixOS | move cluster config to /master fix: update all stuff for office network feat: PiHole | set up DHCP server chore: Cloudflare | delete api token secret chore: remove external-dns annotations from ingressed services fix: PiHole | turn off liveness checks due to host ip fix: GiteaActions | use encrypted storage for runner fix: ElasticSearch | use encrypted volumes for storage fix: Pihole | static mac addresses all caps feat: NixOS | manual network configuration fix: NixOS | k3s cluster init point to static ip with tls-san chore: Postgres | move certificate resources into own file + reduce volume size fix: Pihole | add ingress class name sec: NixOS | remove token from git
---
# Values for a Pi-hole release (DNS, DHCP and web admin); this appears to be
# a Helm values file. Nesting was rebuilt from a listing that had lost its
# indentation -- verify it against the chart's values schema before use.

# Upstream resolvers: one public resolver and the LAN router.
DNS1: '1.1.1.1'
DNS2: '192.168.18.1'

# Schedule only onto nodes labelled pihole=true.
nodeSelector:
  pihole: 'true'

# The admin password is read from an existing Secret, so no credential is
# stored in this file.
admin:
  enabled: true
  existingSecret: pihole-admin
  passwordKey: password

# NOTE(review): the class name suggests an encrypted Longhorn volume --
# confirm the StorageClass really enables encryption.
persistentVolumeClaim:
  enabled: true
  storageClass: longhorn-crypto
  accessModes:
    - ReadWriteOnce

# Web UI is published through the nginx-internal ingress class; the TLS
# certificate is requested from cert-manager using a DNS-01 challenge.
ingress:
  enabled: true
  ingressClassName: nginx-internal
  annotations:
    cert-manager.io/cluster-issuer: cloudflare-issuer
    cert-manager.io/acme-challenge-type: dns01
    cert-manager.io/private-key-size: '4096'
  hosts:
    - pihole.dogar.dev
  tls:
    - secretName: pihole-tls
      hosts:
        - pihole.dogar.dev

# The web, DNS and DHCP services all request the same LoadBalancer address
# and carry the same MetalLB allow-shared-ip key.
serviceWeb:
  annotations:
    metallb.universe.tf/allow-shared-ip: pihole-svc
  type: LoadBalancer
  loadBalancerIP: '192.168.18.250'

serviceDns:
  annotations:
    metallb.universe.tf/allow-shared-ip: pihole-svc
  type: LoadBalancer
  loadBalancerIP: '192.168.18.250'

serviceDhcp:
  annotations:
    metallb.universe.tf/allow-shared-ip: pihole-svc
  enabled: true
  type: LoadBalancer
  loadBalancerIP: '192.168.18.250'

# NOTE(review): with both probes off, a hung pod is presumably neither
# restarted nor taken out of service by Kubernetes; DNS and DHCP for the
# whole LAN depend on it, so watch its health by other means.
probes:
  liveness:
    enabled: false
  readiness:
    enabled: false

dnsmasq:
  # Extra host records; lab.dogar.dev resolves to the same address as
  # homelab-0.
  additionalHostsEntries:
    - '192.168.18.10 homelab-0'
    - '192.168.18.11 homelab-1'
    - '192.168.18.12 homelab-2'
    - '192.168.18.10 lab.dogar.dev'
  # Fixed leases for the three nodes (MAC, address, hostname).
  staticDhcpEntries:
    - 'dhcp-host=B0:41:6F:0F:A8:D3,192.168.18.10,homelab-0'
    - 'dhcp-host=B0:41:6F:0F:AE:89,192.168.18.11,homelab-1'
    - 'dhcp-host=B0:41:6F:0F:A0:CD,192.168.18.12,homelab-2'

# NOTE(review): the pod shares the node's network namespace and runs
# privileged. A privileged container already holds every capability, so the
# NET_ADMIN add below has no effect while privileged is true. Check whether
# hostNetwork plus NET_ADMIN alone is enough for DHCP and, if so, drop
# privileged to shrink the impact of a container compromise.
hostNetwork: true
hostname: pihole
privileged: true
capabilities:
  add:
    - NET_ADMIN

# Container environment. The DHCP pool (.2 to .20) contains the three
# static leases above; FTLCONF_LOCAL_IPV4 matches the LoadBalancer address.
extraEnvVars:
  TZ: 'Asia/Karachi'
  DNSSEC: 'true'
  FTLCONF_LOCAL_IPV4: '192.168.18.250'
  # presumably the node's NIC name, since the pod uses hostNetwork -- confirm
  INTERFACE: 'enp1s0'
  DNSMASQ_LISTENING: 'single'
  DHCP_ACTIVE: 'true'
  DHCP_START: '192.168.18.2'
  DHCP_END: '192.168.18.20'
  DHCP_ROUTER: '192.168.18.1'
  PIHOLE_DOMAIN: 'pihole.dogar.dev'
  VIRTUAL_HOST: 'pihole.dogar.dev'

# Prometheus scrape hints; the port matches the exporter sidecar below.
podAnnotations:
  prometheus.io/scrape: 'true'
  prometheus.io/port: '9617'

monitoring:
  sidecar:
    enabled: true
    port: 9617
    # NOTE(review): the exporter image is pinned by tag only, and a tag can
    # be re-pointed upstream. Pin by digest if the chart allows it. With
    # IfNotPresent, a node keeps whatever it pulled first for this tag.
    image:
      repository: ekofr/pihole-exporter
      tag: v0.3.0
      pullPolicy: IfNotPresent
    # Only a memory limit is set for the sidecar.
    resources:
      limits:
        memory: 128Mi