From 898ae4d3900084801e9320392bbd2b4dc007d3f4 Mon Sep 17 00:00:00 2001 From: Julius de Jeu Date: Mon, 23 May 2022 21:53:50 +0200 Subject: [PATCH] Add files from previous commit --- flux/cluster/apps/authentik/helm.yaml | 5 +- flux/cluster/apps/kustomization.yaml | 1 + .../apps/networking/kustomization.yaml | 4 ++ .../cluster/apps/networking/traefik/helm.yaml | 47 +++++++++++++++++++ .../networking/traefik/kustomization.yaml | 4 ++ .../flux-system/charts/kustomization.yaml | 1 + .../flux-system/charts/traefik-charts.yaml | 8 ++++ .../core/namespaces/kustomization.yaml | 1 + flux/cluster/core/namespaces/traefik.yaml | 6 +++ flux/cluster/crds/kustomization.yaml | 1 + flux/cluster/crds/traefik/crds.yaml | 29 ++++++++++++ flux/cluster/crds/traefik/kustomization.yaml | 4 ++ nixos/machines/nginx/default.nix | 5 +- 13 files changed, 113 insertions(+), 3 deletions(-) create mode 100644 flux/cluster/apps/networking/kustomization.yaml create mode 100644 flux/cluster/apps/networking/traefik/helm.yaml create mode 100644 flux/cluster/apps/networking/traefik/kustomization.yaml create mode 100644 flux/cluster/base/flux-system/charts/traefik-charts.yaml create mode 100644 flux/cluster/core/namespaces/traefik.yaml create mode 100644 flux/cluster/crds/traefik/crds.yaml create mode 100644 flux/cluster/crds/traefik/kustomization.yaml diff --git a/flux/cluster/apps/authentik/helm.yaml b/flux/cluster/apps/authentik/helm.yaml index 403bd43..8e18410 100644 --- a/flux/cluster/apps/authentik/helm.yaml +++ b/flux/cluster/apps/authentik/helm.yaml @@ -5,7 +5,7 @@ metadata: namespace: authentik spec: interval: 1m0s - chart: + chart: spec: # renovate: registryUrl=https://charts.goauthentik.io chart: authentik @@ -27,7 +27,7 @@ spec: tag: 2022.5.2 authentik: error_reporting: - enabled: true + enabled: false postgresql: host: "10.244.87.21" name: "authentik" @@ -39,6 +39,7 @@ spec: enabled: false ingress: enabled: true + annotations: hosts: - host: auth.asraphiel.dev paths: 
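Review bot: The added `annotations:` key under `ingress` has no value, so it parses as YAML null rather than as an empty map. Helm treats a null in user-supplied values as a request to drop the chart's default for that key, which is probably not what is meant here (inferred; the chart's defaults are not visible in this diff). Writing `annotations: {}`, or leaving the key out until there is an annotation to set, states the intent without relying on null handling. The `ingress` block continues past the end of this hunk.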
diff --git a/flux/cluster/apps/kustomization.yaml b/flux/cluster/apps/kustomization.yaml index 745fc3a..38a1d48 100644 --- a/flux/cluster/apps/kustomization.yaml +++ b/flux/cluster/apps/kustomization.yaml @@ -3,3 +3,4 @@ kind: Kustomization resources: - test - authentik + - networking diff --git a/flux/cluster/apps/networking/kustomization.yaml b/flux/cluster/apps/networking/kustomization.yaml new file mode 100644 index 0000000..8f492af --- /dev/null +++ b/flux/cluster/apps/networking/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - traefik diff --git a/flux/cluster/apps/networking/traefik/helm.yaml b/flux/cluster/apps/networking/traefik/helm.yaml new file mode 100644 index 0000000..8ad32df --- /dev/null +++ b/flux/cluster/apps/networking/traefik/helm.yaml @@ -0,0 +1,47 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: traefik + namespace: traefik +spec: + interval: 5m + chart: + spec: + # renovate: registryUrl=https://helm.traefik.io/traefik + chart: traefik + version: 10.19.5 + sourceRef: + kind: HelmRepository + name: traefik-charts + namespace: flux-system + interval: 5m + values: + logs: + general: + level: WARN + ingressClass: + enabled: true + isDefaultClass: true + fallbackApiVersion: v1 + globalArguments: [] + additionalArguments: + - "--entryPoints.web.forwardedHeaders.insecure=true" + - "--entryPoints.websecure.forwardedHeaders.insecure=true" + ports: + traefik: + port: 9000 + expose: true + web: + port: 80 + exposedPort: 80 + expose: true + websecure: + port: 443 + exposedPort: 443 + expose: true + pilot: + enabled: false + experimental: + plugins: + enabled: false diff --git a/flux/cluster/apps/networking/traefik/kustomization.yaml b/flux/cluster/apps/networking/traefik/kustomization.yaml new file mode 100644 index 0000000..8b77d3a --- /dev/null +++ b/flux/cluster/apps/networking/traefik/kustomization.yaml 
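Review bot: Both `forwardedHeaders.insecure=true` arguments make Traefik accept `X-Forwarded-*` headers from any peer, so a client that reaches ports 80/443 directly can supply its own source address and scheme to every backend behind this default ingress class. If the nginx host configured elsewhere in this repository is the only intended upstream (an assumption, the network path is not visible here), trust only that address instead: `- "--entryPoints.websecure.forwardedHeaders.trustedIPs=<nginx-proxy-cidr>"` and the same for `web`. Separately, `ports.traefik.expose: true` publishes the internal 9000 entrypoint on the Service; the chart ships with this set to `false`, and keeping `expose: false` with a port-forward for occasional access keeps the API/dashboard port off the network. A one-line comment above `additionalArguments` naming the proxy that sits in front would document why forwarded headers are trusted at all.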
@@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - helm.yaml diff --git a/flux/cluster/base/flux-system/charts/kustomization.yaml b/flux/cluster/base/flux-system/charts/kustomization.yaml index 6a3062a..dc5c8d0 100644 --- a/flux/cluster/base/flux-system/charts/kustomization.yaml +++ b/flux/cluster/base/flux-system/charts/kustomization.yaml @@ -3,3 +3,4 @@ kind: Kustomization resources: - external-secrets-charts.yaml - authentik-charts.yaml + - traefik-charts.yaml diff --git a/flux/cluster/base/flux-system/charts/traefik-charts.yaml b/flux/cluster/base/flux-system/charts/traefik-charts.yaml new file mode 100644 index 0000000..5c85c28 --- /dev/null +++ b/flux/cluster/base/flux-system/charts/traefik-charts.yaml @@ -0,0 +1,8 @@ +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: traefik-charts + namespace: flux-system +spec: + interval: 15m + url: https://helm.traefik.io/traefik \ No newline at end of file diff --git a/flux/cluster/core/namespaces/kustomization.yaml b/flux/cluster/core/namespaces/kustomization.yaml index a060c4f..f1fafc0 100644 --- a/flux/cluster/core/namespaces/kustomization.yaml +++ b/flux/cluster/core/namespaces/kustomization.yaml @@ -4,3 +4,4 @@ resources: - test-name.yaml - external-secrets.yaml - authentik.yaml + - traefik.yaml diff --git a/flux/cluster/core/namespaces/traefik.yaml b/flux/cluster/core/namespaces/traefik.yaml new file mode 100644 index 0000000..889212f --- /dev/null +++ b/flux/cluster/core/namespaces/traefik.yaml @@ -0,0 +1,6 @@ +kind: Namespace +apiVersion: v1 +metadata: + name: traefik + labels: + name: traefik \ No newline at end of file diff --git a/flux/cluster/crds/kustomization.yaml b/flux/cluster/crds/kustomization.yaml index 532bfd3..d15d845 100644 --- a/flux/cluster/crds/kustomization.yaml +++ b/flux/cluster/crds/kustomization.yaml 
@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - external-secrets + - traefik diff --git a/flux/cluster/crds/traefik/crds.yaml b/flux/cluster/crds/traefik/crds.yaml new file mode 100644 index 0000000..a88c1ec --- /dev/null +++ b/flux/cluster/crds/traefik/crds.yaml @@ -0,0 +1,29 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta1 +kind: GitRepository +metadata: + name: traefik-crd-source + namespace: flux-system +spec: + interval: 30m + url: https://github.com/traefik/traefik-helm-chart.git + ref: + tag: v10.19.5 + ignore: | + # exclude all + /* + # path to crds + !/traefik/crds/ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 +kind: Kustomization +metadata: + name: traefik-crds + namespace: flux-system +spec: + interval: 15m + prune: false + wait: true + sourceRef: + kind: GitRepository + name: traefik-crd-source \ No newline at end of file diff --git a/flux/cluster/crds/traefik/kustomization.yaml b/flux/cluster/crds/traefik/kustomization.yaml new file mode 100644 index 0000000..2ed3b35 --- /dev/null +++ b/flux/cluster/crds/traefik/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - crds.yaml diff --git a/nixos/machines/nginx/default.nix b/nixos/machines/nginx/default.nix index 49a3bfe..0db4ba6 100644 --- a/nixos/machines/nginx/default.nix +++ b/nixos/machines/nginx/default.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: let proxy = path: { - + http2 = true; forceSSL = true; enableACME = true; locations."/" = { @@ -10,6 +10,7 @@ let }; }; bigProxy = path: { + http2 = true; forceSSL = true; enableACME = true; locations."/" = { @@ -33,10 +34,12 @@ in { recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; + recommendedGzipSettings = true; package = pkgs.nginxMainline; virtualHosts."asraphiel.dev" = { forceSSL = true; + http2 = true; enableACME = true; root = "/etc/main"; };
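Review bot: `ref.tag: v10.19.5` on the `traefik-crd-source` GitRepository follows a git tag, which upstream can re-point, and whatever it resolves to is applied as cluster-scoped CRDs on every reconcile. Pinning the revision with `ref.commit: <commit-sha-of-v10.19.5>` (placeholder, the sha is not on this page) keeps the applied content fixed until it is changed in this repository. The tag also has to stay in step with `version: 10.19.5` in `apps/networking/traefik/helm.yaml`, and only the chart version carries a `# renovate:` hint, so a comment next to the tag noting the coupling would stop the two drifting apart. The `traefik-crds` Kustomization sets no `path` and relies on the `ignore` filter to limit what is applied, which deserves a one-line comment.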
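Review bot: `recommendedGzipSettings = true;` in the last hunk of `default.nix` enables response compression at the nginx level, so it presumably also covers the TLS-terminated virtual hosts built by `proxy` and `bigProxy`, not just the static `asraphiel.dev` root. Compressing HTTPS responses that carry both a secret (session or CSRF token) and request-reflected input is the precondition for BREACH-style length side channels; whether any proxied backend does that is not visible in this diff. If the proxied applications include login flows, consider limiting compression to the static site, or add a comment such as `# gzip on proxied TLS responses accepted: <reason>` so the trade-off is recorded. The `services.nginx` block starts and ends outside this hunk.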