add omni
This commit is contained in:
@@ -3,5 +3,6 @@
|
||||
./cloudnativepg.nix
|
||||
./cert-manager.nix
|
||||
./authentik.nix
|
||||
./omni.nix
|
||||
];
|
||||
}
|
||||
88
kubernetes/charts/omni.nix
Normal file
88
kubernetes/charts/omni.nix
Normal file
@@ -0,0 +1,88 @@
|
||||
{ pkgs, ... }:
|
||||
let
|
||||
omniSrc = pkgs.fetchFromGitHub {
|
||||
owner = "siderolabs";
|
||||
repo = "omni";
|
||||
rev = "v1.6.5";
|
||||
hash = "sha256-FV0aPZaEejNBY/ajjdo3dURwDFu+8RInKOmeV5SVMXw=";
|
||||
};
|
||||
|
||||
omniChartTarball = pkgs.runCommand "omni-chart.tgz" {
|
||||
nativeBuildInputs = [ pkgs.gnutar ];
|
||||
} ''
|
||||
tar czf "$out" -C "${omniSrc}/deploy/helm" omni
|
||||
'';
|
||||
|
||||
omniManifest = pkgs.runCommand "omni-manifest.yaml" {
|
||||
nativeBuildInputs = [ pkgs.coreutils ];
|
||||
} ''
|
||||
chart_content=$(base64 -w 0 < "${omniChartTarball}")
|
||||
cat > "$out" <<EOF
|
||||
apiVersion: helm.cattle.io/v1
|
||||
kind: HelmChart
|
||||
metadata:
|
||||
name: omni
|
||||
namespace: kube-system
|
||||
spec:
|
||||
targetNamespace: omni
|
||||
createNamespace: true
|
||||
chartContent: $chart_content
|
||||
valuesContent: |-
|
||||
etcdEncryptionKey:
|
||||
existingSecret: omni-etcd-key
|
||||
|
||||
ingress:
|
||||
main:
|
||||
enabled: true
|
||||
host: weyma-omni.infra.dubyatp.xyz
|
||||
tls:
|
||||
- hosts:
|
||||
- weyma-omni.infra.dubyatp.xyz
|
||||
secretName: cert-dubyatp-xyz
|
||||
kubernetesProxy:
|
||||
enabled: true
|
||||
host: weyma-omni-k8s.infra.dubyatp.xyz
|
||||
tls:
|
||||
- hosts:
|
||||
- weyma-omni-k8s.infra.dubyatp.xyz
|
||||
secretName: cert-dubyatp-xyz
|
||||
siderolinkApi:
|
||||
enabled: true
|
||||
host: weyma-omni-siderolink.infra.dubyatp.xyz
|
||||
tls:
|
||||
- hosts:
|
||||
- weyma-omni-siderolink.infra.dubyatp.xyz
|
||||
secretName: cert-dubyatp-xyz
|
||||
|
||||
service:
|
||||
wireguard:
|
||||
type: LoadBalancer
|
||||
|
||||
config:
|
||||
account:
|
||||
name: weyma-omni
|
||||
id: a0a43f2a-d838-4fe0-96fb-ab9e60695e0b
|
||||
auth:
|
||||
auth0:
|
||||
enabled: false
|
||||
saml:
|
||||
enabled: true
|
||||
url: https://auth.dubyatp.xyz/application/saml/omni/metadata/
|
||||
initialUsers:
|
||||
- me@williamtpeebles.com
|
||||
services:
|
||||
api:
|
||||
advertisedURL: https://weyma-omni.infra.dubyatp.xyz
|
||||
kubernetesProxy:
|
||||
advertisedURL: https://weyma-omni-k8s.infra.dubyatp.xyz
|
||||
machineAPI:
|
||||
advertisedURL: https://weyma-omni-siderolink.infra.dubyatp.xyz
|
||||
siderolink:
|
||||
wireGuard:
|
||||
advertisedEndpoint: 10.105.6.198:50180
|
||||
EOF
|
||||
'';
|
||||
in
|
||||
{
|
||||
services.k3s.manifests."omni-chart.yaml".source = omniManifest;
|
||||
}
|
||||
@@ -4,5 +4,6 @@
|
||||
./cloudnativepg/weyma-pgsql-replication.nix
|
||||
./cert-manager/cloudflare-api-token.nix
|
||||
./authentik/authentik-credentials.nix
|
||||
./omni/omni-etcd-key.nix
|
||||
];
|
||||
}
|
||||
17
kubernetes/secrets/omni/omni-etcd-key.nix
Normal file
17
kubernetes/secrets/omni/omni-etcd-key.nix
Normal file
@@ -0,0 +1,17 @@
|
||||
{ config, ... }:
|
||||
{
|
||||
sops.templates."omni-etcd-key.yaml" = {
|
||||
mode = "0444";
|
||||
content = ''
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: omni-etcd-key
|
||||
namespace: omni
|
||||
type: Opaque
|
||||
data:
|
||||
omni.asc: ${config.sops.placeholder.omni_asc_base64}
|
||||
'';
|
||||
path = "/var/lib/rancher/k3s/server/manifests/secrets/omni-etcd-key.yaml";
|
||||
};
|
||||
}
|
||||
Reference in New Issue
Block a user