[PIHOLE] Add.

This commit is contained in:
Kat Inskip 2023-05-06 19:15:51 -07:00
parent 0a5dfcbde0
commit 41537f7843
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
8 changed files with 346 additions and 0 deletions


@ -0,0 +1,39 @@
resource "kubernetes_config_map" "pihole_regex_list" {
metadata {
name = "regex.list"
namespace = "pihole"
}
data = {
"regex.list" = <<EOF
EOF
}
}
resource "kubernetes_config_map" "pihole_adlists_list" {
metadata {
name = "adlists.list"
namespace = "pihole"
}
data = {
"adlists.list" = <<EOF
https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/android-tracking.txt
https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt
https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txt
EOF
}
}
resource "kubernetes_config_map" "pihole_whitelist_list" {
metadata {
name = "whitelist.txt"
namespace = "pihole"
}
data = {
"adlists.list" = <<EOF
bbc.co.uk
EOF
}
}
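Review bot: The whitelist ConfigMap stores its content under the key `"adlists.list" = <<EOF` inside pihole_whitelist_list, while the deployment in this commit mounts that ConfigMap with `sub_path = "whitelist.txt"`, a key the ConfigMap does not have, so the mount either fails or yields an empty path and the bbc.co.uk entry never reaches Pi-hole. The key should be `"whitelist.txt" = <<EOF` so that ConfigMap name, data key and mount agree. The three adlists are fetched from the `master` branch of third-party repositories, so the set of blocked domains is whatever those repositories serve at fetch time rather than anything reviewed in this repo; pinning each URL to a specific commit, or keeping a reviewed copy, would make the filtering policy reproducible.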


@ -0,0 +1,198 @@
resource "kubernetes_deployment" "pihole" {
metadata {
name = "pihole"
labels = {
app = "pihole"
}
namespace = "pihole"
}
spec {
replicas = 1
selector {
match_labels = {
app = "pihole"
}
}
template {
metadata {
labels = {
app = "pihole"
}
}
spec {
container {
image = "pihole/pihole:latest"
name = "pihole"
port {
container_port = 80
name = "http"
protocol = "TCP"
}
port {
container_port = 443
name = "https"
protocol = "TCP"
}
port {
container_port = 53
name = "dns-udp"
protocol = "UDP"
}
port {
container_port = 67
name = "dns67"
protocol = "UDP"
}
env {
name = "TZ"
value = "America/Vancouver"
}
env {
name = "WEBPASSWORD"
value_from {
secret_key_ref {
name = "pihole-secret-webpassword"
key = "WEBPASSWORD"
}
}
}
env {
name = "DNS1"
value = "1.1.1.1"
}
env {
name = "DNS2"
value = "1.0.0.1"
}
env {
name = "DNSMASQ_LISTENING"
value = "all"
}
env {
name = "PIHOLE_BASE"
value = "/opt/pihole-volume"
}
resources {
limits = {
cpu = "250m"
memory = "896Mi"
}
requests = {
cpu = "20m"
memory = "512Mi"
}
}
volume_mount {
name = "pihole-volume"
mount_path = "/opt/pihole-volume"
}
volume_mount {
name = "regex"
mount_path = "/etc/pihole/regex.list"
sub_path = "regex.list"
}
volume_mount {
name = "adlists"
mount_path = "/etc/pihole/adlists.list"
sub_path = "adlists.list"
}
volume_mount {
name = "whitelist"
mount_path = "/etc/pihole/whitelist.txt"
sub_path = "whitelist.txt"
}
liveness_probe {
http_get {
path = "/admin.index.php"
port = 80
}
initial_delay_seconds = 180
period_seconds = 15
}
readiness_probe {
http_get {
path = "/admin.index.php"
port = 80
}
initial_delay_seconds = 60
period_seconds = 15
}
}
container {
image = "tailscale/tailscale:latest"
name = "tailscale"
security_context {
capabilities {
add = ["NET_ADMIN"]
}
}
env {
name = "TS_KUBE_SECRET"
value = "tailscale-auth"
}
resources {
limits = {
cpu = "250m"
memory = "512Mi"
}
requests = {
cpu = "20m"
memory = "64Mi"
}
}
volume_mount {
name = "tailscale-state-volume"
mount_path = "/tailscale"
}
}
volume {
name = "pihole-volume"
persistent_volume_claim {
claim_name = "pihole-volume-claim"
}
}
volume {
name = "regex"
config_map {
name = "regex.list"
}
}
volume {
name = "adlists"
config_map {
name = "adlists.list"
}
}
volume {
name = "whitelist"
config_map {
name = "whitelist.txt"
}
}
volume {
name = "tailscale-state-volume"
persistent_volume_claim {
claim_name = "tailscale-state-volume-claim"
}
}
}
}
}
}
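Review bot: Both probes in the pihole container use `path = "/admin.index.php"`, which does not look like a real path — the admin UI lives under `/admin` (the ingress in this commit routes `/admin`), so this is presumably a typo for `/admin/index.php`; as written the liveness probe would keep failing after the 180 s delay and restart the container. Both images are pulled by the floating `latest` tag, so every restart may run a different build and nothing ties the running container to a reviewed version; pin a release tag or digest, e.g. `image = "pihole/pihole:<pinned-version>"`. The tailscale sidecar adds `NET_ADMIN` and neither container sets `run_as_non_root` or drops any capability; that may be what the chosen tailscale mode needs, but a one-line comment stating why would help the next reader. `TS_KUBE_SECRET = "tailscale-auth"` implies the sidecar reads and updates that Secret at runtime, which requires a ServiceAccount and RBAC that are not among the eight files here — confirm they exist elsewhere.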

20
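--- a/cluster/pihole-ingress.tf
+++ b/cluster/pihole-ingress.tf
@@ -0,0 +1,20 @@
+resource "kubernetes_ingress" "pihole_ingress" {
+metadata {
+name = "pihole"
+namespace = "pihole"
+}
+spec {
+rule {
+http {
+path {
+backend {
+service_name = "pihole-tcp"
+service_port = 80
+}
+path = "/admin"
+}
+}
+}
+}
+}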
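Review bot: The backend `service_name = "pihole-tcp"` is not defined in any of the eight files of this commit, so unless a Service by that name already exists in the cluster the ingress has nothing to route to; `kubernetes_ingress` is also the legacy pre-`networking.k8s.io/v1` resource, and `kubernetes_ingress_v1` with a `backend { service { name = "pihole-tcp" port { number = 80 } } }` is the current form. The rule has no `host`, no `tls` block and no ingress class, so the Pi-hole admin UI is reachable over plain HTTP from wherever the ingress controller listens, with only the WEBPASSWORD login in front of it. A host restriction and TLS, or keeping the UI reachable only through the tailscale sidecar, would narrow that exposure.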


@ -0,0 +1,13 @@
resource "kubernetes_namespace" "pihole" {
metadata {
annotations = {
name = "pihole"
}
labels = {
app = "pihole"
}
name = "pihole"
}
}
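Review bot: Every other resource in this commit sets `namespace = "pihole"` as a literal rather than `kubernetes_namespace.pihole.metadata[0].name`, so Terraform sees no dependency on this resource and on a fresh apply may try to create the ConfigMaps, Secrets, PVCs and Deployment before the namespace exists. Referencing the attribute fixes the ordering without changing the rendered manifests. The `annotations = { name = "pihole" }` entry duplicates `metadata.name` and looks like it was meant to be a label; if nothing consumes that annotation it can be dropped.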

31
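--- a/cluster/pihole-pvc.tf
+++ b/cluster/pihole-pvc.tf
@@ -0,0 +1,31 @@
+resource "kubernetes_persistent_volume_claim" "pihole-volume" {
+metadata {
+name = "pihole-volume-claim"
+namespace = "pihole"
+}
+spec {
+storage_class_name = "local-path"
+access_modes = ["ReadWriteOnce"]
+resources {
+requests = {
+storage = "1Gi"
+}
+}
+}
+}
+resource "kubernetes_persistent_volume_claim" "tailscale-state-volume" {
+metadata {
+name = "tailscale-state-volume-claim"
+namespace = "pihole"
+}
+spec {
+storage_class_name = "local-path"
+access_modes = ["ReadWriteOnce"]
+resources {
+requests = {
+storage = "5Gi"
+}
+}
+}
+}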
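Review bot: The resource labels `pihole-volume` and `tailscale-state-volume` use hyphens while every other resource in this commit (`pihole_regex_list`, `pihole_ingress`, `cluster_reusable`) uses underscores; hyphens are legal in Terraform but break the file's own naming convention and make references awkward, so `resource "kubernetes_persistent_volume_claim" "pihole_volume"` would be consistent. The deployment names both claims by literal `claim_name` strings, so Terraform does not order these PVCs before the Deployment; `claim_name = kubernetes_persistent_volume_claim.pihole_volume.metadata[0].name` would express that dependency. With `local-path` and `ReadWriteOnce` the pod is also pinned to whichever node first bound the volume, which is fine for a single replica but worth a comment.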

14
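--- a/cluster/pihole-secret.tf
+++ b/cluster/pihole-secret.tf
@@ -0,0 +1,14 @@
+variable "pihole_secret_WEBPASSWORD" {
+description = "web ui password"
+}
+resource "kubernetes_secret" "pihole-webpassword" {
+metadata {
+name = "pihole-secret-webpassword"
+namespace = "pihole"
+}
+data = {
+WEBPASSWORD = var.pihole_secret_WEBPASSWORD
+}
+type = "Opaque"
+}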
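Review bot: `variable "pihole_secret_WEBPASSWORD"` is declared without `sensitive = true` and without a type, so the admin password is echoed in `terraform plan`/`apply` output and in any CI log that captures it; add `type = string` and `sensitive = true` to the variable block. Independently of that, the value passed through `data` is kept in plaintext in the Terraform state (Kubernetes itself only base64-encodes it), so the state backend has to be treated as holding the password. Given the ingress in this commit, this WEBPASSWORD is the only authentication in front of the `/admin` UI, which makes both points more than cosmetic.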

27
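--- a/cluster/tailscale.tf
+++ b/cluster/tailscale.tf
@@ -0,0 +1,27 @@
+variable "tailscale_api_key" {
+type = string
+}
+provider "tailscale" {
+api_key = var.tailscale_api_key
+tailnet = "inskip.me"
+}
+resource "tailscale_tailnet_key" "cluster_reusable" {
+reusable = true
+ephemeral = true
+preauthorized = true
+}
+resource "kubernetes_secret" "tailscale_auth" {
+metadata {
+name = "tailscale-auth"
+namespace = "pihole"
+}
+data = {
+TS_AUTHKEY = tailscale_tailnet_key.cluster_reusable.key
+}
+type = "Opaque"
+}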
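Review bot: The `tailscale_tailnet_key` is `reusable` and `preauthorized`, is copied into a Kubernetes Secret and into the Terraform state, yet sets no `expiry` and no `tags`, so anyone who can read that Secret or the state can enrol further devices into the tailnet unattended for as long as the key lives; set `expiry` to bound its lifetime and `tags = ["tag:<placeholder>"]` so nodes it joins get a scoped ACL identity instead of inheriting the key creator's. `variable "tailscale_api_key"` should also carry `sensitive = true`, since it is a tailnet-admin credential that otherwise appears in plan output. `ephemeral = true` is the right choice for a pod sidecar and is what limits stale node entries when pods are rescheduled.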


@ -8,5 +8,9 @@ terraform {
source = "hashicorp/kubernetes"
version = "2.20.0"
}
tailscale = {
source = "tailscale/tailscale"
version = "0.13.7"
}
}
}