kubernetes-deployments/modules/attic.nix

# Module for the "attic" service: one Deployment for the server ("website"
# component), one for its PostgreSQL database, a Service for each, the two
# Secrets they read, and the lab-level ingress and Longhorn volume claims.
# Everything is gated behind `attic.enable`.
{
  self,
  utils,
  lib,
  config,
  globals,
  ...
}: let
  # Label sets reused by each Deployment selector, its pod template and the
  # matching Service selector, so the three cannot drift apart.
  websiteLabels = {
    app = "attic";
    component = "website";
  };
  databaseLabels = {
    app = "attic";
    component = "database";
  };

  # Env-var value sourced from key `key` of the Secret named `name`.
  secretEnv = name: key: {
    valueFrom.secretKeyRef = {inherit name key;};
  };
in {
  options.attic.enable = lib.mkEnableOption "attic";

  config = lib.mkIf config.attic.enable {
    kubernetes.resources = {
      # Secret values are `ref+sops://` references into secrets.yml, not
      # plaintext; they are resolved outside this file.
      secrets = {
        # NOTE(review): this fragment omits the leading "/" that the two
        # database refs use ("#attic/..." vs "#/attic/...") -- confirm the
        # resolver accepts both forms, otherwise the token will not resolve.
        server.stringData.token = "ref+sops://secrets.yml#attic/jwtToken";
        database.stringData = {
          password = "ref+sops://secrets.yml#/attic/databasePassword";
          # NOTE(review): trailing "+" is presumably the ref terminator --
          # confirm it is intended and not part of the key name.
          url = "ref+sops://secrets.yml#/attic/databaseURL+";
        };
      };

      deployments = {
        attic.spec = {
          selector.matchLabels = websiteLabels;

          # maxSurge = 0 with maxUnavailable = 1: the old pod is taken down
          # before its replacement starts (presumably because the data
          # volume can only be attached to one pod at a time -- confirm).
          strategy.type = "RollingUpdate";
          strategy.rollingUpdate = {
            maxSurge = 0;
            maxUnavailable = 1;
          };

          template = {
            metadata.labels = websiteLabels;

            spec = {
              containers.attic = {
                image = utils.mkNixNGImage "attic";
                ports.web.containerPort = 8080;

                env = {
                  # HS256 is symmetric: whoever can read this secret can
                  # also sign tokens the server will accept, so access to
                  # the "server" Secret should be limited accordingly.
                  ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64 = secretEnv "server" "token";
                  # NOTE(review): the URL presumably embeds the database
                  # password; if so, rotating `password` means updating
                  # this value as well.
                  ATTIC_SERVER_DATABASE_URL = secretEnv "database" "url";
                };

                volumeMounts = [
                  {
                    name = "data";
                    mountPath = "/var/lib/atticd/storage";
                  }
                ];

                # NOTE(review): no container-level securityContext is set
                # here (runAsNonRoot, allowPrivilegeEscalation = false,
                # dropped capabilities, readOnlyRootFilesystem). Consider
                # adding one once the image is known to run unprivileged.
              };

              volumes = {
                data.persistentVolumeClaim.claimName = "data";
                # NOTE(review): no container in this pod mounts the
                # "server" volume; the token is already delivered via env.
                # Drop it if nothing else depends on it.
                server.secret.secretName = "server";
              };

              # fsGroup = 0 adds GID 0 (root group) as a supplementary group
              # and makes volume contents group-owned by it.
              # NOTE(review): prefer a dedicated non-zero GID if the image
              # allows it.
              securityContext = {
                fsGroup = 0;
                fsGroupChangePolicy = "OnRootMismatch";
              };
            };
          };
        };

        attic-db.spec = {
          selector.matchLabels = databaseLabels;

          template = {
            metadata.labels = databaseLabels;

            spec = {
              containers.postgres = {
                # NOTE(review): whether this image is pinned by digest
                # depends on `globals.images`; with IfNotPresent a mutable
                # tag is never re-pulled once cached on a node.
                image = globals.images.postgres15;
                imagePullPolicy = "IfNotPresent";
                ports.postgres.containerPort = 5432;

                env = {
                  POSTGRES_DB.value = "attic";
                  POSTGRES_USER.value = "attic";
                  PGDATA.value = "/pgdata/data";
                  POSTGRES_PASSWORD = secretEnv "database" "password";
                };

                volumeMounts = [
                  {
                    name = "data";
                    mountPath = "/pgdata";
                  }
                ];
              };

              volumes.data.persistentVolumeClaim.claimName = "database";
            };
          };
        };
      };

      services = {
        # Port 80 forwards to the container's named "web" port (8080).
        attic.spec = {
          selector = websiteLabels;
          ports.web = {
            port = 80;
            targetPort = "web";
          };
        };

        # NOTE(review): this module defines no NetworkPolicy, so unless one
        # exists elsewhere any pod that can reach this Service can connect
        # to PostgreSQL on 5432; only the website pods need to.
        database.spec = {
          selector = databaseLabels;
          ports.postgres = {
            port = 5432;
            targetPort = "postgres";
          };
        };
      };
    };

    lab = {
      ingresses.attic = {
        host = "attic.kun.is";
        service = {
          name = "attic";
          portName = "web";
        };
      };

      # Claim names here ("data", "database") are the ones referenced by the
      # pod volumes above.
      longhorn.persistentVolumeClaim = {
        data = {
          volumeName = "attic";
          storage = "15Gi";
        };
        database = {
          volumeName = "attic-db";
          storage = "150Mi";
        };
      };
    };
  };
}