ops(k8s): replace k3s with k8s, provide bootstrap, ty @duckfullstop

2026-02-09 12:29:19 -08:00 · 2024-01-19 14:31:24 -08:00 · 2024-01-19 14:31:24 -08:00 · fc67b7a2e5
commit fc67b7a2e5
parent 067d72b8a8
9 changed files with 266 additions and 47 deletions
--- a/systems/tei/cloudflared.nix
+++ b/systems/tei/cloudflared.nix
@ -9,25 +9,61 @@
  inherit (config.networking) hostName;
  cfg = config.services.cloudflared;
  apartment = "5e85d878-c6b2-4b15-b803-9aeb63d63543";
-  systemFor = hostName: if hostName == config.networking.hostName
+  systemFor = hostName:
+    if hostName == config.networking.hostName
    then config
    else meta.network.nodes.${hostName};
-  accessHostFor = { hostName, system ? systemFor hostName, access ? "local", ... }: let
+  accessHostFor = {
+    hostName,
+    system ? systemFor hostName,
+    access ? "local",
+    ...
+  }: let
    host = system.networking.access.hostnameForNetwork.${access} or (throw "unsupported access ${access}");
-  in if hostName == config.networking.hostName then "localhost" else host;
-  ingressForNginx = { host ? system.networking.fqdn, port ? 80, hostName, system ? systemFor hostName }@args: nameValuePair host {
-    service = "http://${accessHostFor args}:${toString port}";
-  };
-  ingressForHass = { host ? system.services.home-assistant.domain, port ? system.services.home-assistant.config.http.server_port, hostName, system ? systemFor hostName, ... }@args: nameValuePair host {
-    service = "http://${accessHostFor args}:${toString port}";
-  };
-  ingressForVouch = { host ? system.services.vouch-proxy.domain, port ? system.services.vouch-proxy.settings.vouch.port, hostName, system ? systemFor hostName, ... }@args: nameValuePair host {
-    service = "http://${accessHostFor args}:${toString port}";
-  };
-  ingressForKanidm = { host ? system.services.kanidm.server.frontend.domain, port ? system.services.kanidm.server.frontend.port, hostName, system ? systemFor hostName, ... }@args: nameValuePair host {
-    service = "https://${accessHostFor args}:${toString port}";
-    originRequest.noTLSVerify = true;
-  };
+  in
+    if hostName == config.networking.hostName
+    then "localhost"
+    else host;
+  ingressForNginx = {
+    host ? system.networking.fqdn,
+    port ? 80,
+    hostName,
+    system ? systemFor hostName,
+  } @ args:
+    nameValuePair host {
+      service = "http://${accessHostFor args}:${toString port}";
+    };
+  ingressForHass = {
+    host ? system.services.home-assistant.domain,
+    port ? system.services.home-assistant.config.http.server_port,
+    hostName,
+    system ? systemFor hostName,
+    ...
+  } @ args:
+    nameValuePair host {
+      service = "http://${accessHostFor args}:${toString port}";
+    };
+  ingressForVouch = {
+    host ? system.services.vouch-proxy.domain,
+    port ? system.services.vouch-proxy.settings.vouch.port,
+    hostName,
+    system ? systemFor hostName,
+    ...
+  } @ args:
+    nameValuePair host {
+      service = "http://${accessHostFor args}:${toString port}";
+    };
+  ingressForKanidm = {
+    host ? system.services.kanidm.server.frontend.domain,
+    port ? system.services.kanidm.server.frontend.port,
+    hostName,
+    system ? systemFor hostName,
+    ...
+  } @ args:
+    nameValuePair host {
+      service = "https://${accessHostFor args}:${toString port}";
+      originRequest.noTLSVerify = true;
+    };
 in {
  sops.secrets.cloudflared-tunnel-apartment.owner = cfg.user;
  services.cloudflared = {
@ -36,11 +72,17 @@ in {
        credentialsFile = config.sops.secrets.cloudflared-tunnel-apartment.path;
        default = "http_status:404";
        ingress = listToAttrs [
-          (ingressForNginx { host = config.networking.domain; inherit hostName; })
-          (ingressForNginx { host = config.services.zigbee2mqtt.domain; inherit hostName; })
-          (ingressForHass { inherit hostName; })
-          (ingressForVouch { inherit hostName; })
-          (ingressForKanidm { inherit hostName; })
+          (ingressForNginx {
+            host = config.networking.domain;
+            inherit hostName;
+          })
+          (ingressForNginx {
+            host = config.services.zigbee2mqtt.domain;
+            inherit hostName;
+          })
+          (ingressForHass {inherit hostName;})
+          (ingressForVouch {inherit hostName;})
+          (ingressForKanidm {inherit hostName;})
        ];
      };
    };