From b5fdd14ea6599d1be3f8235a58719000203978d4 Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Wed, 5 Feb 2025 22:24:08 +0100 Subject: [PATCH] Add persistent data for Authelia --- modules/authelia.nix | 38 ++++++++++++++++++++++++++++++++------ 1 file changed, 32 insertions(+), 6 deletions(-) diff --git a/modules/authelia.nix b/modules/authelia.nix index b961dc8..d8152fb 100644 --- a/modules/authelia.nix +++ b/modules/authelia.nix @@ -18,6 +18,20 @@ pod = { kind = "Deployment"; replicas = 1; + + extraVolumes = [ + { + name = "data"; + persistentVolumeClaim.claimName = "data"; + } + ]; + + extraVolumeMounts = [ + { + name = "data"; + mountPath = "/storage"; + } + ]; }; secret.additionalSecrets.authelia.items = [ @@ -58,7 +72,7 @@ local = { enabled = true; - path = "/tmp/storage"; # TODO + path = "/storage/database.sqlite"; }; }; @@ -78,17 +92,29 @@ notifier.filesystem = { enabled = true; - # TODO: switch to SMTP filename = "/tmp/notifications.txt"; }; }; }; }; - resources.secrets.authelia.stringData = { - storage = "ref+sops://secrets.yml#/authelia/encryption_keys/storage"; - session = "ref+sops://secrets.yml#/authelia/encryption_keys/session"; - users = "ref+sops://secrets.yml#/authelia/users"; + resources = { + deployments.authelia.spec = { + strategy = { + type = "RollingUpdate"; + + rollingUpdate = { + maxSurge = lib.mkForce 0; + maxUnavailable = lib.mkForce 1; + }; + }; + }; + + secrets.authelia.stringData = { + storage = "ref+sops://secrets.yml#/authelia/encryption_keys/storage"; + session = "ref+sops://secrets.yml#/authelia/encryption_keys/session"; + users = "ref+sops://secrets.yml#/authelia/users"; + }; }; };