diff --git a/ansible-5/roles/homer/files/config.yml b/ansible-5/roles/homer/files/config.yml index 1ba1f93..d22ecc0 100644 --- a/ansible-5/roles/homer/files/config.yml +++ b/ansible-5/roles/homer/files/config.yml @@ -91,6 +91,12 @@ services: tag: "files" url: "http://cubox-m.xai-corp.net:8090" + - name: "Pi-Hole" + icon: "fa-solid fa-list-check" + subtitle: "dhcp" + tag: "network" + url: "https://pi.hole" + - name: "Saas" icon: "fa-solid fa-cloud" items: diff --git a/ansible-5/roles/prod.k3s/defaults/main.yml b/ansible-5/roles/prod.k3s/defaults/main.yml index ae0ad66..8430be3 100644 --- a/ansible-5/roles/prod.k3s/defaults/main.yml +++ b/ansible-5/roles/prod.k3s/defaults/main.yml @@ -124,6 +124,11 @@ apps: state: absent ktistec: - enabled: true + enabled: false namespace: ktistec state: absent + + bunkerweb: + enabled: true + namespace: default + state: present diff --git a/ansible-5/roles/prod.k3s/files/bunkerweb/values.yaml b/ansible-5/roles/prod.k3s/files/bunkerweb/values.yaml new file mode 100644 index 0000000..bb092d4 --- /dev/null +++ b/ansible-5/roles/prod.k3s/files/bunkerweb/values.yaml 
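Review bot: In the `bunkerweb` entry added to `apps` in defaults/main.yml, `namespace: default` places the components configured in files/bunkerweb/values.yaml (scheduler, controller, UI) in the shared default namespace, while the neighbouring `ktistec` entry has a namespace of its own. A dedicated namespace lets RBAC, NetworkPolicy and quotas be scoped to these pods, which matters for a component that sits in the request path. I would use `namespace: bunkerweb` and either restore the commented-out Namespace task in deployments/bunkerweb.yaml or set `create_namespace: true` on the helm task.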
@@ -0,0 +1,45 @@ +# Here we will setup the values needed to setup BunkerWeb behind an existing ingress controller +# Traffic flow with BW: LB => existing Ingress Controller => BunkerWeb => Service +# Traffic flow without BW: LB => existing Ingress Controller => Service + +# Global settings +settings: + misc: + # Replace with your DNS resolver + # to get it: kubectl exec in a random pod then cat /etc/resolv.conf + # if you have an IP as nameserver then do a reverse DNS lookup: nslookup + # most of the time it's coredns.kube-system.svc.cluster.local or kube-dns.kube-system.svc.cluster.local +# dnsResolvers: "kube-dns.kube-system.svc.cluster.local" + dnsResolvers: "default.svc.cluster.local" + kubernetes: + # We only consider Ingress resources with ingressClass bunkerweb to avoid conflicts with existing ingress controller + ingressClass: "bunkerweb" + # Optional: you can choose namespace(s) where BunkerWeb will listen for Ingress/ConfigMap changes + # Default (blank value) is all namespaces + namespaces: "" + +# Override the bunkerweb-external service type to ClusterIP +# Since we don't need to expose it to the outside world +# We will use the existing ingress controller to route traffic to BunkerWeb +service: + type: ClusterIP + +# BunkerWeb settings +bunkerweb: + tag: 1.6.6 + +# Scheduler settings +scheduler: + tag: 1.6.6 + extraEnvs: + # Enable real IP module to get real IP of clients + - name: USE_REAL_IP + value: "yes" + +# Controller settings +controller: + tag: 1.6.6 + +# UI settings +ui: + tag: 1.6.6 diff --git a/ansible-5/roles/prod.k3s/files/nextcloud/values.yaml b/ansible-5/roles/prod.k3s/files/nextcloud/values.yaml index f4cd95a..104cd5f 100644 --- a/ansible-5/roles/prod.k3s/files/nextcloud/values.yaml +++ b/ansible-5/roles/prod.k3s/files/nextcloud/values.yaml 
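Review bot: `USE_REAL_IP: "yes"` under `scheduler.extraEnvs` is set without a matching `REAL_IP_FROM`, so which peers may supply the client address is left to the chart or BunkerWeb default (to my knowledge the RFC 1918 ranges; please confirm). Behind an in-cluster ingress controller, that would let any workload able to reach the BunkerWeb service supply the forwarded-for header, and so choose the address that bans, rate limits and allowlists are evaluated against. I would add `- name: REAL_IP_FROM` with `value: "<ingress-controller pod CIDR>"` (placeholder) next to it. Separately, `dnsResolvers: "default.svc.cluster.local"` looks like a namespace domain rather than a resolver host. The commented-out `kube-dns.kube-system.svc.cluster.local` is the form the comment above describes, so please confirm the new value actually resolves.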
@@ -1,9 +1,9 @@ --- -#kubectl exec -itn nextcloud nextcloud-74898fbb87-zwj78 -c nextcloud -- su -s /bin/bash - www-data +# https://github.com/nextcloud/helm/blob/main/charts/nextcloud/values.yaml image: repository: nextcloud - tag: "30.0.15" #https://hub.docker.com/_/nextcloud/tags?page=1&name=28. + tag: "stable" #https://hub.docker.com/_/nextcloud/tags?page=1&name=28. flavor: apache # pullSecrets: regcred @@ -184,3 +184,11 @@ redis: cronjob: enabled: true + +extraSidecarContainers: [] + # - name: nextcloud-logger + # image: busybox + # command: [/bin/sh, -c, 'while ! test -f "/run/nextcloud/data/nextcloud.log"; do sleep 1; done; tail -n+1 -f /run/nextcloud/data/nextcloud.log'] + # volumeMounts: + # - name: nextcloud-data +# mountPath: /run/nextcloud/data diff --git a/ansible-5/roles/prod.k3s/files/stash/values.yaml b/ansible-5/roles/prod.k3s/files/stash/values.yaml index dbf3054..9ea10c4 100644 --- a/ansible-5/roles/prod.k3s/files/stash/values.yaml +++ b/ansible-5/roles/prod.k3s/files/stash/values.yaml @@ -5,7 +5,7 @@ image: repository: stashapp/stash - tag: v0.29.1 + tag: v0.30.1 ingress: main: diff --git a/ansible-5/roles/prod.k3s/tasks/deployments/bunkerweb.yaml b/ansible-5/roles/prod.k3s/tasks/deployments/bunkerweb.yaml new file mode 100644 index 0000000..5c72f41 --- /dev/null +++ b/ansible-5/roles/prod.k3s/tasks/deployments/bunkerweb.yaml 
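Review bot: `tag: "stable"` in the first nextcloud hunk replaces the pinned `30.0.15` with a mutable tag, so the image that runs is whatever the registry serves at the next pull rather than a version someone reviewed. That removes the record of what is deployed, can leave nodes on different images depending on the pull policy, and can bring in a new major version on a pod restart without a planned upgrade. I would keep an explicit version, `tag: "<reviewed version>"` (placeholder), and bump it in a commit the way the stash hunk below does. The trailing comment also still filters the tag list on `name=28.`.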
@@ -0,0 +1,36 @@ +# deployment task for bunkerweb +# https://docs.bunkerweb.io/1.6.6/integrations/#kubernetes + + +#- name: Create a namespace for bunkerweb +# k8s: +# kubeconfig: "/etc/rancher/k3s/k3s.yaml" +# name: "{{apps.bunkerweb.namespace}}" +# api_version: v1 +# kind: Namespace +# state: "{{apps.bunkerweb.state}}" +# become: true + +- name: Install bunkerweb instance + block: + - name: Add bunkerweb chart helm repo + local_action: + module: kubernetes.core.helm_repository + name: bunkerweb + repo_url: https://repo.bunkerweb.io/charts + + - name: load variables files/bunkerweb/values.yaml + ansible.builtin.include_vars: + file: files/bunkerweb/values.yaml + name: release_values + + - name: Install bunkerweb chart + local_action: + module: kubernetes.core.helm + release_state: "{{apps.bunkerweb.state}}" + name: bunkerweb + namespace: "{{apps.bunkerweb.namespace}}" + update_repo_cache: True + chart_ref: bunkerweb/bunkerweb + values: "{{release_values}}" + wait: true diff --git a/ansible-5/roles/prod.k3s/tasks/main.yml b/ansible-5/roles/prod.k3s/tasks/main.yml index ec54dcc..35e7059 100644 --- a/ansible-5/roles/prod.k3s/tasks/main.yml +++ b/ansible-5/roles/prod.k3s/tasks/main.yml @@ -63,6 +63,14 @@ include_tasks: deployments/ktistec.yaml when: apps.ktistec.enabled +- name: deploy ktistec + include_tasks: deployments/ktistec.yaml + when: apps.ktistec.enabled + +- name: deploy bunkerweb + include_tasks: deployments/bunkerweb.yaml + when: apps.bunkerweb.enabled + #- name: deploy metallb # include_tasks: deployments/metallb.yaml # when: apps.metallb.enabled
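Review bot: The `Install bunkerweb chart` task sets `chart_ref: bunkerweb/bunkerweb` with `update_repo_cache: True` but no `chart_version`, so each run installs whatever chart the remote repository currently publishes, even though values.yaml pins the images to 1.6.6. Chart templates typically carry RBAC rules and container security settings, so an unpinned chart is an unreviewed change to cluster permissions as well as a reproducibility problem. I would add `chart_version: "<chart version reviewed for 1.6.6>"` (placeholder) and write the boolean as `update_repo_cache: true` to match `wait: true`.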
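Review bot: The first task added in the tasks/main.yml hunk, `deploy ktistec`, repeats the task whose `include_tasks: deployments/ktistec.yaml` and `when: apps.ktistec.enabled` lines are the context just above it (that task's `name` line is outside the hunk), so the ktistec deployment would be included twice whenever the flag is true. It is hidden today only because this commit sets `apps.ktistec.enabled` to false. I would drop the three duplicated lines and keep only the `deploy bunkerweb` task.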