2024-10-28 15:05:06 +00:00
|
|
|
{
|
|
|
|
self,
|
|
|
|
utils,
|
|
|
|
lib,
|
|
|
|
config,
|
|
|
|
globals,
|
|
|
|
...
|
|
|
|
}: {
|
2024-09-07 10:35:02 +00:00
|
|
|
options.attic.enable = lib.mkEnableOption "attic";
|
|
|
|
|
|
|
|
config = lib.mkIf config.attic.enable {
|
2024-10-01 16:46:15 +00:00
|
|
|
kubernetes.resources = {
|
|
|
|
secrets = {
|
|
|
|
server.stringData.token = "ref+sops://secrets.yml#attic/jwtToken";
|
|
|
|
database.stringData = {
|
|
|
|
password = "ref+sops://secrets.yml#/attic/databasePassword";
|
|
|
|
url = "ref+sops://secrets.yml#/attic/databaseURL+";
|
2024-09-07 10:35:02 +00:00
|
|
|
};
|
2024-10-01 16:46:15 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
deployments = {
|
|
|
|
attic.spec = {
|
|
|
|
selector.matchLabels = {
|
|
|
|
app = "attic";
|
|
|
|
component = "website";
|
2024-09-07 10:35:02 +00:00
|
|
|
};
|
|
|
|
|
2024-10-01 16:46:15 +00:00
|
|
|
strategy = {
|
|
|
|
type = "RollingUpdate";
|
2024-09-07 10:35:02 +00:00
|
|
|
|
2024-10-01 16:46:15 +00:00
|
|
|
rollingUpdate = {
|
|
|
|
maxSurge = 0;
|
|
|
|
maxUnavailable = 1;
|
2024-09-07 10:35:02 +00:00
|
|
|
};
|
2024-10-01 16:46:15 +00:00
|
|
|
};
|
2024-09-07 10:35:02 +00:00
|
|
|
|
2024-10-01 16:46:15 +00:00
|
|
|
template = {
|
|
|
|
metadata.labels = {
|
|
|
|
app = "attic";
|
|
|
|
component = "website";
|
2024-09-07 10:35:02 +00:00
|
|
|
};
|
|
|
|
|
2024-10-01 16:46:15 +00:00
|
|
|
spec = {
|
|
|
|
containers.attic = {
|
2024-12-19 20:07:30 +00:00
|
|
|
image = utils.mkNixNGImage "attic";
|
2024-10-01 16:46:15 +00:00
|
|
|
ports.web.containerPort = 8080;
|
2024-09-07 10:35:02 +00:00
|
|
|
|
2024-10-01 16:46:15 +00:00
|
|
|
env = {
|
|
|
|
ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64.valueFrom.secretKeyRef = {
|
2024-09-07 10:35:02 +00:00
|
|
|
name = "server";
|
|
|
|
key = "token";
|
|
|
|
};
|
|
|
|
|
2024-10-01 16:46:15 +00:00
|
|
|
ATTIC_SERVER_DATABASE_URL.valueFrom.secretKeyRef = {
|
|
|
|
name = "database";
|
|
|
|
key = "url";
|
|
|
|
};
|
2024-09-07 10:35:02 +00:00
|
|
|
};
|
|
|
|
|
2024-10-28 15:05:06 +00:00
|
|
|
volumeMounts = [
|
|
|
|
{
|
|
|
|
name = "data";
|
|
|
|
mountPath = "/var/lib/atticd/storage";
|
|
|
|
}
|
|
|
|
];
|
2024-10-01 16:46:15 +00:00
|
|
|
};
|
2024-09-07 10:35:02 +00:00
|
|
|
|
2024-10-01 16:46:15 +00:00
|
|
|
volumes = {
|
|
|
|
data.persistentVolumeClaim.claimName = "data";
|
|
|
|
server.secret.secretName = "server";
|
|
|
|
};
|
|
|
|
|
|
|
|
securityContext = {
|
|
|
|
fsGroup = 0;
|
|
|
|
fsGroupChangePolicy = "OnRootMismatch";
|
2024-09-07 10:35:02 +00:00
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
2024-10-01 16:46:15 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
attic-db.spec = {
|
|
|
|
selector.matchLabels = {
|
|
|
|
app = "attic";
|
|
|
|
component = "database";
|
|
|
|
};
|
2024-09-07 10:35:02 +00:00
|
|
|
|
2024-10-01 16:46:15 +00:00
|
|
|
template = {
|
|
|
|
metadata.labels = {
|
2024-09-07 10:35:02 +00:00
|
|
|
app = "attic";
|
|
|
|
component = "database";
|
|
|
|
};
|
|
|
|
|
2024-10-01 16:46:15 +00:00
|
|
|
spec = {
|
|
|
|
containers.postgres = {
|
|
|
|
image = globals.images.postgres15;
|
|
|
|
imagePullPolicy = "IfNotPresent";
|
|
|
|
ports.postgres.containerPort = 5432;
|
2024-09-07 10:35:02 +00:00
|
|
|
|
2024-10-01 16:46:15 +00:00
|
|
|
env = {
|
|
|
|
POSTGRES_DB.value = "attic";
|
|
|
|
POSTGRES_USER.value = "attic";
|
|
|
|
PGDATA.value = "/pgdata/data";
|
2024-09-07 10:35:02 +00:00
|
|
|
|
2024-10-01 16:46:15 +00:00
|
|
|
POSTGRES_PASSWORD.valueFrom.secretKeyRef = {
|
|
|
|
name = "database";
|
|
|
|
key = "password";
|
|
|
|
};
|
2024-09-07 10:35:02 +00:00
|
|
|
};
|
|
|
|
|
2024-10-28 15:05:06 +00:00
|
|
|
volumeMounts = [
|
|
|
|
{
|
|
|
|
name = "data";
|
|
|
|
mountPath = "/pgdata";
|
|
|
|
}
|
|
|
|
];
|
2024-09-07 10:35:02 +00:00
|
|
|
};
|
2024-10-01 16:46:15 +00:00
|
|
|
|
|
|
|
volumes.data.persistentVolumeClaim.claimName = "database";
|
2024-09-07 10:35:02 +00:00
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
2024-10-01 16:46:15 +00:00
|
|
|
};
|
2024-09-07 10:35:02 +00:00
|
|
|
|
2024-10-01 16:46:15 +00:00
|
|
|
services = {
|
|
|
|
attic.spec = {
|
|
|
|
selector = {
|
|
|
|
app = "attic";
|
|
|
|
component = "website";
|
|
|
|
};
|
2024-09-07 10:35:02 +00:00
|
|
|
|
2024-10-01 16:46:15 +00:00
|
|
|
ports.web = {
|
|
|
|
port = 80;
|
|
|
|
targetPort = "web";
|
2024-09-07 10:35:02 +00:00
|
|
|
};
|
2024-10-01 16:46:15 +00:00
|
|
|
};
|
2024-09-07 10:35:02 +00:00
|
|
|
|
2024-10-01 16:46:15 +00:00
|
|
|
database.spec = {
|
|
|
|
selector = {
|
|
|
|
app = "attic";
|
|
|
|
component = "database";
|
|
|
|
};
|
2024-09-07 10:35:02 +00:00
|
|
|
|
2024-10-01 16:46:15 +00:00
|
|
|
ports.postgres = {
|
|
|
|
port = 5432;
|
|
|
|
targetPort = "postgres";
|
2024-09-07 10:35:02 +00:00
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
2024-10-01 16:46:15 +00:00
|
|
|
};
|
2024-09-07 10:35:02 +00:00
|
|
|
|
|
|
|
lab = {
|
|
|
|
ingresses.attic = {
|
|
|
|
host = "attic.kun.is";
|
|
|
|
|
|
|
|
service = {
|
|
|
|
name = "attic";
|
|
|
|
portName = "web";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
longhorn.persistentVolumeClaim = {
|
|
|
|
data = {
|
|
|
|
volumeName = "attic";
|
|
|
|
storage = "15Gi";
|
|
|
|
};
|
|
|
|
|
|
|
|
database = {
|
|
|
|
volumeName = "attic-db";
|
|
|
|
storage = "150Mi";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
}
|