home/kubernetes-deployments
2
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

Use NixNG for Radicale

Browse source
This commit is contained in:
Pim Kunis 2024-12-17 23:02:06 +01:00
parent a741e523a0
commit 7fdc63502a
4 changed files with 67 additions and 58 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
flake.lock
View file

@ -595,16 +595,16 @@
"treefmt-nix": "treefmt-nix_2"
},
"locked": {
"lastModified": 1734195137,
"narHash": "sha256-BO6DzwWe2U8FHSxavnFzKHZgobHf2ejI8uu9/AhbHtY=",
"lastModified": 1734470616,
"narHash": "sha256-8pQ2ar2NVU3ehf1o9DHcn3rlsl440eOWcEv7bQfiOec=",
"owner": "pizzapim",
"repo": "NixNG",
"rev": "b173ab68cbde3395edda3594d63de4de764f4934",
"rev": "fd29c877186dbb06d5593d734952baec199a5261",
"type": "github"
},
"original": {
"owner": "pizzapim",
"ref": "ntfy-sh",
"ref": "radicale",
"repo": "NixNG",
"type": "github"
}

2
flake.nix
View file

@ -41,7 +41,7 @@
};
nixng = {
url = "github:pizzapim/NixNG/ntfy-sh";
url = "github:pizzapim/NixNG/radicale";
inputs.nixpkgs.follows = "nixpkgs";
};
};

58
images/radicale.nix Normal file
View file

@ -0,0 +1,58 @@
{
nglib,
nixpkgs,
...
}:
nglib.makeSystem
(let
htpasswd_location = "/radicale_htpasswd";
in {
inherit nixpkgs;
system = "x86_64-linux";
name = "nixng-radicale";
config = {...}: {
dinit.enable = true;
init.services.radicale = {
shutdownOnExit = true;
tmpfiles = with nglib.nottmpfiles.dsl; [
(f htpasswd_location "-" "radicale" "radicale" _ "pim:$apr1$GUiTihkS$dDCkaUxFx/O86m6NCy/yQ.")
];
};
services.radicale = {
enable = true;
settings = {
server = {
hosts = "0.0.0.0:5232, [::]:5232";
ssl = false;
};
encoding = {
request = "utf-8";
stock = "utf-8";
};
auth = {
realm = "Radicale - Password Required";
type = "htpasswd";
htpasswd_filename = htpasswd_location;
htpasswd_encryption = "md5";
};
rights.type = "owner_only";
storage = {
type = "multifilesystem";
filesystem_folder = "/data";
};
logging = {};
headers = {};
};
};
};
})

57
modules/radicale.nix
View file

@ -1,5 +1,7 @@
{
self,
config,
utils,
lib,
globals,
...
@ -8,39 +10,6 @@
config = lib.mkIf config.radicale.enable {
kubernetes.resources = {
configMaps.server.data = {
users = "pim:$apr1$GUiTihkS$dDCkaUxFx/O86m6NCy/yQ.";
config = lib.generators.toINI {} {
server = {
hosts = "0.0.0.0:5232, [::]:5232";
ssl = false;
};
encoding = {
request = "utf-8";
stock = "utf-8";
};
auth = {
realm = "Radicale - Password Required";
type = "htpasswd";
htpasswd_filename = "/config/users";
htpasswd_encryption = "md5";
};
rights.type = "owner_only";
storage = {
type = "multifilesystem";
filesystem_folder = "/data";
};
logging = {};
headers = {};
};
};
deployments.server.spec = {
selector.matchLabels.app = "radicale";
@ -58,7 +27,7 @@
spec = {
containers.radicale = {
image = globals.images.radicale;
image = utils.nixSnapshotterRef (utils.mkNixNGImage "radicale" "${self}/images/radicale.nix");
ports.web.containerPort = 5232;
imagePullPolicy = "IfNotPresent";
@ -67,28 +36,10 @@
name = "data";
mountPath = "/data";
}
{
name = "config";
mountPath = "/config/config";
subPath = "config";
}
{
name = "config";
mountPath = "/config/users";
subPath = "users";
}
];
};
volumes = {
data.persistentVolumeClaim.claimName = "data";
config.configMap.name = "server";
};
securityContext = {
fsGroup = 2999;
fsGroupChangePolicy = "OnRootMismatch";
};
volumes.data.persistentVolumeClaim.claimName = "data";
};
};
};