Add files from previous commit

2022-05-23 21:53:50 +02:00 · 2022-05-23 21:53:50 +02:00 · 898ae4d390
parent 75d460e9fc
commit 898ae4d390
13 changed files with 113 additions and 3 deletions
--- a/flux/cluster/apps/authentik/helm.yaml
+++ b/flux/cluster/apps/authentik/helm.yaml
@ -5,7 +5,7 @@ metadata:
  namespace: authentik
 spec:
  interval: 1m0s
-  chart: 
+  chart:
    spec:
      # renovate: registryUrl=https://charts.goauthentik.io
      chart: authentik
@ -27,7 +27,7 @@ spec:
      tag: 2022.5.2
    authentik:
      error_reporting:
-        enabled: true
+        enabled: false
      postgresql:
        host: "10.244.87.21"
        name: "authentik"
@ -39,6 +39,7 @@ spec:
        enabled: false
    ingress:
      enabled: true
+      annotations:
      hosts:
        - host: auth.asraphiel.dev
          paths:
--- a/flux/cluster/apps/kustomization.yaml
+++ b/flux/cluster/apps/kustomization.yaml
@ -3,3 +3,4 @@ kind: Kustomization
 resources:
  - test
  - authentik
+  - networking
--- a/flux/cluster/apps/networking/kustomization.yaml
+++ b/flux/cluster/apps/networking/kustomization.yaml
@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - traefik
--- a/flux/cluster/apps/networking/traefik/helm.yaml
+++ b/flux/cluster/apps/networking/traefik/helm.yaml
@ -0,0 +1,47 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: traefik
+  namespace: traefik
+spec:
+  interval: 5m
+  chart:
+    spec:
+      # renovate: registryUrl=https://helm.traefik.io/traefik
+      chart: traefik
+      version: 10.19.5
+      sourceRef:
+        kind: HelmRepository
+        name: traefik-charts
+        namespace: flux-system
+      interval: 5m
+  values:
+    logs:
+      general:
+        level: WARN
+    ingressClass:
+      enabled: true
+      isDefaultClass: true
+      fallbackApiVersion: v1
+    globalArguments: []
+    additionalArguments:
+      - "--entryPoints.web.forwardedHeaders.insecure=true"
+      - "--entryPoints.websecure.forwardedHeaders.insecure=true"
+    ports:
+      traefik:
+        port: 9000
+        expose: true
+      web:
+        port: 80
+        exposedPort: 80
+        expose: true
+      websecure:
+        port: 443
+        exposedPort: 443
+        expose: true
+    pilot:
+      enabled: false
+    experimental:
+      plugins:
+        enabled: false
--- a/flux/cluster/apps/networking/traefik/kustomization.yaml
+++ b/flux/cluster/apps/networking/traefik/kustomization.yaml
@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - helm.yaml
--- a/flux/cluster/base/flux-system/charts/kustomization.yaml
+++ b/flux/cluster/base/flux-system/charts/kustomization.yaml
@ -3,3 +3,4 @@ kind: Kustomization
 resources:
  - external-secrets-charts.yaml
  - authentik-charts.yaml
+  - traefik-charts.yaml
--- a/flux/cluster/base/flux-system/charts/traefik-charts.yaml
+++ b/flux/cluster/base/flux-system/charts/traefik-charts.yaml
@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: traefik-charts
+  namespace: flux-system
+spec:
+  interval: 15m
+  url: https://helm.traefik.io/traefik
--- a/flux/cluster/core/namespaces/kustomization.yaml
+++ b/flux/cluster/core/namespaces/kustomization.yaml
@ -4,3 +4,4 @@ resources:
  - test-name.yaml
  - external-secrets.yaml
  - authentik.yaml
+  - traefik.yaml
--- a/flux/cluster/core/namespaces/traefik.yaml
+++ b/flux/cluster/core/namespaces/traefik.yaml
@ -0,0 +1,6 @@
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: traefik
+  labels:
+    name: traefik
--- a/flux/cluster/crds/kustomization.yaml
+++ b/flux/cluster/crds/kustomization.yaml
@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - external-secrets
+  - traefik
--- a/flux/cluster/crds/traefik/crds.yaml
+++ b/flux/cluster/crds/traefik/crds.yaml
@ -0,0 +1,29 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+  name: traefik-crd-source
+  namespace: flux-system
+spec:
+  interval: 30m
+  url: https://github.com/traefik/traefik-helm-chart.git
+  ref:
+    tag: v10.19.5
+  ignore: |
+    # exclude all
+    /*
+    # path to crds
+    !/traefik/crds/  
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: traefik-crds
+  namespace: flux-system
+spec:
+  interval: 15m
+  prune: false
+  wait: true
+  sourceRef:
+    kind: GitRepository
+    name: traefik-crd-source
--- a/flux/cluster/crds/traefik/kustomization.yaml
+++ b/flux/cluster/crds/traefik/kustomization.yaml
@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - crds.yaml
--- a/nixos/machines/nginx/default.nix
+++ b/nixos/machines/nginx/default.nix
@ -1,7 +1,7 @@
 { config, pkgs, ... }:
 let
  proxy = path: {
-
+    http2 = true;
    forceSSL = true;
    enableACME = true;
    locations."/" = {
@ -10,6 +10,7 @@ let
    };
  };
  bigProxy = path: {
+    http2 = true;
    forceSSL = true;
    enableACME = true;
    locations."/" = {
@ -33,10 +34,12 @@ in {
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
+    recommendedGzipSettings = true;
    package = pkgs.nginxMainline;

    virtualHosts."asraphiel.dev" = {
      forceSSL = true;
+      http2 = true;
      enableACME = true;
      root = "/etc/main";
    };