j00lz/strato-infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Add files from previous commit

Browse source
This commit is contained in:
Julius 2022-05-23 21:53:50 +02:00
parent 75d460e9fc
commit 898ae4d390
Signed by: j00lz
GPG key ID: AF241B0AA237BBA2
13 changed files with 113 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
flux/cluster/apps/authentik/helm.yaml
View file

@ -27,7 +27,7 @@ spec:
tag: 2022.5.2 tag: 2022.5.2
authentik: authentik:
error_reporting: error_reporting:
enabled: true enabled: false
postgresql: postgresql:
host: "10.244.87.21" host: "10.244.87.21"
name: "authentik" name: "authentik"
@ -39,6 +39,7 @@ spec:
enabled: false enabled: false
ingress: ingress:
enabled: true enabled: true
annotations:
hosts: hosts:
- host: auth.asraphiel.dev - host: auth.asraphiel.dev
paths: paths:

1
flux/cluster/apps/kustomization.yaml
View file

@ -3,3 +3,4 @@ kind: Kustomization
resources: resources:
- test - test
- authentik - authentik
- networking

4
flux/cluster/apps/networking/kustomization.yaml Normal file
View file

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- traefik

47
flux/cluster/apps/networking/traefik/helm.yaml Normal file
View file

@ -0,0 +1,47 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: traefik
namespace: traefik
spec:
interval: 5m
chart:
spec:
# renovate: registryUrl=https://helm.traefik.io/traefik
chart: traefik
version: 10.19.5
sourceRef:
kind: HelmRepository
name: traefik-charts
namespace: flux-system
interval: 5m
values:
logs:
general:
level: WARN
ingressClass:
enabled: true
isDefaultClass: true
fallbackApiVersion: v1
globalArguments: []
additionalArguments:
- "--entryPoints.web.forwardedHeaders.insecure=true"
- "--entryPoints.websecure.forwardedHeaders.insecure=true"
ports:
traefik:
port: 9000
expose: true
web:
port: 80
exposedPort: 80
expose: true
websecure:
port: 443
exposedPort: 443
expose: true
pilot:
enabled: false
experimental:
plugins:
enabled: false

4
flux/cluster/apps/networking/traefik/kustomization.yaml Normal file
View file

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm.yaml

1
flux/cluster/base/flux-system/charts/kustomization.yaml
View file

@ -3,3 +3,4 @@ kind: Kustomization
resources: resources:
- external-secrets-charts.yaml - external-secrets-charts.yaml
- authentik-charts.yaml - authentik-charts.yaml
- traefik-charts.yaml

8
flux/cluster/base/flux-system/charts/traefik-charts.yaml Normal file
View file

@ -0,0 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: traefik-charts
namespace: flux-system
spec:
interval: 15m
url: https://helm.traefik.io/traefik

1
flux/cluster/core/namespaces/kustomization.yaml
View file

@ -4,3 +4,4 @@ resources:
- test-name.yaml - test-name.yaml
- external-secrets.yaml - external-secrets.yaml
- authentik.yaml - authentik.yaml
- traefik.yaml

6
flux/cluster/core/namespaces/traefik.yaml Normal file
View file

@ -0,0 +1,6 @@
kind: Namespace
apiVersion: v1
metadata:
name: traefik
labels:
name: traefik

1
flux/cluster/crds/kustomization.yaml
View file

@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- external-secrets - external-secrets
- traefik

29
flux/cluster/crds/traefik/crds.yaml Normal file
View file

@ -0,0 +1,29 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: GitRepository
metadata:
name: traefik-crd-source
namespace: flux-system
spec:
interval: 30m
url: https://github.com/traefik/traefik-helm-chart.git
ref:
tag: v10.19.5
ignore: |
# exclude all
/*
# path to crds
!/traefik/crds/
---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: traefik-crds
namespace: flux-system
spec:
interval: 15m
prune: false
wait: true
sourceRef:
kind: GitRepository
name: traefik-crd-source

4
flux/cluster/crds/traefik/kustomization.yaml Normal file
View file

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- crds.yaml

5
nixos/machines/nginx/default.nix
View file

@ -1,7 +1,7 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let let
proxy = path: { proxy = path: {
http2 = true;
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
@ -10,6 +10,7 @@ let
}; };
}; };
bigProxy = path: { bigProxy = path: {
http2 = true;
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
@ -33,10 +34,12 @@ in {
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
recommendedGzipSettings = true;
package = pkgs.nginxMainline; package = pkgs.nginxMainline;
virtualHosts."asraphiel.dev" = { virtualHosts."asraphiel.dev" = {
forceSSL = true; forceSSL = true;
http2 = true;
enableACME = true; enableACME = true;
root = "/etc/main"; root = "/etc/main";
}; };