add omni

2026-04-09 18:02:06 +00:00
parent 58bb6ffac4
commit 3d60cb6706
6 changed files with 112 additions and 2 deletions
--- a/kubernetes/charts/omni.nix
+++ b/kubernetes/charts/omni.nix
@@ -0,0 +1,88 @@
+{ pkgs, ... }:
+let
+    omniSrc = pkgs.fetchFromGitHub {
+        owner = "siderolabs";
+        repo = "omni";
+        rev = "v1.6.5";
+        hash = "sha256-FV0aPZaEejNBY/ajjdo3dURwDFu+8RInKOmeV5SVMXw=";
+    };
+
+    omniChartTarball = pkgs.runCommand "omni-chart.tgz" {
+        nativeBuildInputs = [ pkgs.gnutar ];
+    } ''
+        tar czf "$out" -C "${omniSrc}/deploy/helm" omni
+    '';
+
+    omniManifest = pkgs.runCommand "omni-manifest.yaml" {
+        nativeBuildInputs = [ pkgs.coreutils ];
+    } ''
+        chart_content=$(base64 -w 0 < "${omniChartTarball}")
+        cat > "$out" <<EOF
+        apiVersion: helm.cattle.io/v1
+        kind: HelmChart
+        metadata:
+          name: omni
+          namespace: kube-system
+        spec:
+          targetNamespace: omni
+          createNamespace: true
+          chartContent: $chart_content
+          valuesContent: |-
+            etcdEncryptionKey:
+              existingSecret: omni-etcd-key
+
+            ingress:
+              main:
+                enabled: true
+                host: weyma-omni.infra.dubyatp.xyz
+                tls:
+                  - hosts:
+                      - weyma-omni.infra.dubyatp.xyz
+                    secretName: cert-dubyatp-xyz
+              kubernetesProxy:
+                enabled: true
+                host: weyma-omni-k8s.infra.dubyatp.xyz
+                tls:
+                  - hosts:
+                      - weyma-omni-k8s.infra.dubyatp.xyz
+                    secretName: cert-dubyatp-xyz
+              siderolinkApi:
+                enabled: true
+                host: weyma-omni-siderolink.infra.dubyatp.xyz
+                tls:
+                  - hosts:
+                      - weyma-omni-siderolink.infra.dubyatp.xyz
+                    secretName: cert-dubyatp-xyz
+
+            service:
+              wireguard:
+                type: LoadBalancer
+
+            config:
+              account:
+                name: weyma-omni
+                id: a0a43f2a-d838-4fe0-96fb-ab9e60695e0b
+              auth:
+                auth0:
+                  enabled: false
+                saml:
+                  enabled: true
+                  url: https://auth.dubyatp.xyz/application/saml/omni/metadata/
+                initialUsers:
+                  - me@williamtpeebles.com
+              services:
+                api:
+                  advertisedURL: https://weyma-omni.infra.dubyatp.xyz
+                kubernetesProxy:
+                  advertisedURL: https://weyma-omni-k8s.infra.dubyatp.xyz
+                machineAPI:
+                  advertisedURL: https://weyma-omni-siderolink.infra.dubyatp.xyz
+                siderolink:
+                  wireGuard:
+                    advertisedEndpoint: 10.105.6.198:50180
+        EOF
+    '';
+in
+{
+    services.k3s.manifests."omni-chart.yaml".source = omniManifest;
+}