home/kubernetes-deployments
2
0
Fork 0
Code Issues 3 Pull requests Projects Releases Packages Wiki Activity Actions

Init

Browse source
This commit is contained in:
Pim Kunis 2024-09-07 12:35:02 +02:00
commit cdec5a64aa
44 changed files with 9802 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

171
modules/hedgedoc.nix Normal file
View file

@ -0,0 +1,171 @@
{ config, lib, globals, ... }: {
options.hedgedoc.enable = lib.mkEnableOption "hedgedoc";
config = lib.mkIf config.hedgedoc.enable {
kubernetes.resources = {
configMaps.hedgedoc-config.data.config = lib.generators.toJSON { } {
useSSL = false;
};
secrets.hedgedoc.stringData = {
databaseURL = "ref+sops://secrets.yml#/hedgedoc/databaseURL";
sessionSecret = "ref+sops://secrets.yml#/hedgedoc/sessionSecret";
databasePassword = "ref+sops://secrets.yml#/hedgedoc/databasePassword";
};
deployments = {
server.spec = {
selector.matchLabels = {
app = "hedgedoc";
component = "website";
};
template = {
metadata.labels = {
app = "hedgedoc";
component = "website";
};
spec = {
containers.hedgedoc = {
image = globals.images.hedgedoc;
ports.web.containerPort = 3000;
env = {
CMD_DOMAIN.value = "md.kun.is";
CMD_PORT.value = "3000";
CMD_URL_ADDPORT.value = "false";
CMD_ALLOW_ANONYMOUS.value = "true";
CMD_ALLOW_EMAIL_REGISTER.value = "false";
CMD_PROTOCOL_USESSL.value = "true";
CMD_CSP_ENABLE.value = "false";
CMD_DB_URL.valueFrom.secretKeyRef = {
name = "hedgedoc";
key = "databaseURL";
};
CMD_SESSION_SECRET.valueFrom.secretKeyRef = {
name = "hedgedoc";
key = "sessionSecret";
};
};
volumeMounts = [
{
name = "uploads";
mountPath = "/hedgedoc/public/uploads";
}
{
name = "config";
mountPath = "/hedgedoc/config.json";
subPath = "config";
}
];
};
volumes = {
uploads.persistentVolumeClaim.claimName = "uploads";
config.configMap.name = "hedgedoc-config";
};
securityContext = {
fsGroup = 65534;
fsGroupChangePolicy = "OnRootMismatch";
};
};
};
};
database.spec = {
selector.matchLabels = {
app = "hedgedoc";
component = "database";
};
template = {
metadata.labels = {
app = "hedgedoc";
component = "database";
};
spec = {
containers.postgres = {
image = globals.images.postgres15;
imagePullPolicy = "IfNotPresent";
ports.postgres.containerPort = 5432;
env = {
POSTGRES_DB.value = "hedgedoc";
POSTGRES_USER.value = "hedgedoc";
PGDATA.value = "/pgdata/data";
POSTGRES_PASSWORD.valueFrom.secretKeyRef = {
name = "hedgedoc";
key = "databasePassword";
};
};
volumeMounts = [{
name = "database";
mountPath = "/pgdata";
}];
};
volumes.database.persistentVolumeClaim.claimName = "database";
};
};
};
};
services = {
server.spec = {
selector = {
app = "hedgedoc";
component = "website";
};
ports.web = {
port = 80;
targetPort = "web";
};
};
database.spec = {
selector = {
app = "hedgedoc";
component = "database";
};
ports.postgres = {
port = 5432;
targetPort = "postgres";
};
};
};
};
lab = {
ingresses.web = {
host = "md.kun.is";
service = {
name = "server";
portName = "web";
};
};
longhorn.persistentVolumeClaim = {
uploads = {
volumeName = "hedgedoc-uploads";
storage = "50Mi";
};
database = {
volumeName = "hedgedoc-db";
storage = "100Mi";
};
};
};
};
}