diff --git a/flake.lock b/flake.lock index 1610aad..0bf506f 100644 --- a/flake.lock +++ b/flake.lock @@ -595,16 +595,16 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1734195137, - "narHash": "sha256-BO6DzwWe2U8FHSxavnFzKHZgobHf2ejI8uu9/AhbHtY=", + "lastModified": 1734470616, + "narHash": "sha256-8pQ2ar2NVU3ehf1o9DHcn3rlsl440eOWcEv7bQfiOec=", "owner": "pizzapim", "repo": "NixNG", - "rev": "b173ab68cbde3395edda3594d63de4de764f4934", + "rev": "fd29c877186dbb06d5593d734952baec199a5261", "type": "github" }, "original": { "owner": "pizzapim", - "ref": "ntfy-sh", + "ref": "radicale", "repo": "NixNG", "type": "github" } diff --git a/flake.nix b/flake.nix index 1eb16c9..ad58734 100644 --- a/flake.nix +++ b/flake.nix @@ -41,7 +41,7 @@ }; nixng = { - url = "github:pizzapim/NixNG/ntfy-sh"; + url = "github:pizzapim/NixNG/radicale"; inputs.nixpkgs.follows = "nixpkgs"; }; }; diff --git a/images/radicale.nix b/images/radicale.nix new file mode 100644 index 0000000..b5a7f24 --- /dev/null +++ b/images/radicale.nix @@ -0,0 +1,58 @@ +{ + nglib, + nixpkgs, + ... +}: +nglib.makeSystem +(let + htpasswd_location = "/radicale_htpasswd"; +in { + inherit nixpkgs; + system = "x86_64-linux"; + name = "nixng-radicale"; + + config = {...}: { + dinit.enable = true; + + init.services.radicale = { + shutdownOnExit = true; + + tmpfiles = with nglib.nottmpfiles.dsl; [ + (f htpasswd_location "-" "radicale" "radicale" _ "pim:$apr1$GUiTihkS$dDCkaUxFx/O86m6NCy/yQ.") + ]; + }; + + services.radicale = { + enable = true; + + settings = { + server = { + hosts = "0.0.0.0:5232, [::]:5232"; + ssl = false; + }; + + encoding = { + request = "utf-8"; + stock = "utf-8"; + }; + + auth = { + realm = "Radicale - Password Required"; + type = "htpasswd"; + htpasswd_filename = htpasswd_location; + htpasswd_encryption = "md5"; + }; + + rights.type = "owner_only"; + + storage = { + type = "multifilesystem"; + filesystem_folder = "/data"; + }; + + logging = {}; + headers = {}; + }; + }; + }; +}) diff --git a/modules/radicale.nix b/modules/radicale.nix index aa0586b..83639ed 100644 --- a/modules/radicale.nix +++ b/modules/radicale.nix @@ -1,5 +1,7 @@ { + self, config, + utils, lib, globals, ... @@ -8,39 +10,6 @@ config = lib.mkIf config.radicale.enable { kubernetes.resources = { - configMaps.server.data = { - users = "pim:$apr1$GUiTihkS$dDCkaUxFx/O86m6NCy/yQ."; - - config = lib.generators.toINI {} { - server = { - hosts = "0.0.0.0:5232, [::]:5232"; - ssl = false; - }; - - encoding = { - request = "utf-8"; - stock = "utf-8"; - }; - - auth = { - realm = "Radicale - Password Required"; - type = "htpasswd"; - htpasswd_filename = "/config/users"; - htpasswd_encryption = "md5"; - }; - - rights.type = "owner_only"; - - storage = { - type = "multifilesystem"; - filesystem_folder = "/data"; - }; - - logging = {}; - headers = {}; - }; - }; - deployments.server.spec = { selector.matchLabels.app = "radicale"; @@ -58,7 +27,7 @@ spec = { containers.radicale = { - image = globals.images.radicale; + image = utils.nixSnapshotterRef (utils.mkNixNGImage "radicale" "${self}/images/radicale.nix"); ports.web.containerPort = 5232; imagePullPolicy = "IfNotPresent"; @@ -67,28 +36,10 @@ name = "data"; mountPath = "/data"; } - { - name = "config"; - mountPath = "/config/config"; - subPath = "config"; - } - { - name = "config"; - mountPath = "/config/users"; - subPath = "users"; - } ]; }; - volumes = { - data.persistentVolumeClaim.claimName = "data"; - config.configMap.name = "server"; - }; - - securityContext = { - fsGroup = 2999; - fsGroupChangePolicy = "OnRootMismatch"; - }; + volumes.data.persistentVolumeClaim.claimName = "data"; }; }; };