Add persistent data for Authelia

modules/authelia.nix

@@ -18,6 +18,20 @@
           pod = {
             kind = "Deployment";
             replicas = 1;
+
+            extraVolumes = [
+              {
+                name = "data";
+                persistentVolumeClaim.claimName = "data";
+              }
+            ];
+
+            extraVolumeMounts = [
+              {
+                name = "data";
+                mountPath = "/storage";
+              }
+            ];
           };
 
           secret.additionalSecrets.authelia.items = [
@@ -58,7 +72,7 @@
 
               local = {
                 enabled = true;
-                path = "/tmp/storage"; # TODO
+                path = "/storage/database.sqlite";
               };
             };
 
@@ -78,17 +92,29 @@
 
             notifier.filesystem = {
               enabled = true;
-              # TODO: switch to SMTP
               filename = "/tmp/notifications.txt";
             };
           };
         };
       };
 
-      resources.secrets.authelia.stringData = {
-        storage = "ref+sops://secrets.yml#/authelia/encryption_keys/storage";
-        session = "ref+sops://secrets.yml#/authelia/encryption_keys/session";
-        users = "ref+sops://secrets.yml#/authelia/users";
+      resources = {
+        deployments.authelia.spec = {
+          strategy = {
+            type = "RollingUpdate";
+
+            rollingUpdate = {
+              maxSurge = lib.mkForce 0;
+              maxUnavailable = lib.mkForce 1;
+            };
+          };
+        };
+
+        secrets.authelia.stringData = {
+          storage = "ref+sops://secrets.yml#/authelia/encryption_keys/storage";
+          session = "ref+sops://secrets.yml#/authelia/encryption_keys/session";
+          users = "ref+sops://secrets.yml#/authelia/users";
+        };
       };
     };