{ config, utils, globals, lib, ... }: { options.atuin.enable = lib.mkEnableOption "atuin"; config = lib.mkIf config.atuin.enable { kubernetes.resources = { secrets.database.stringData = { databasePassword = "ref+sops://secrets.yml#/atuin/databasePassword"; databaseURL = "ref+sops://secrets.yml#/atuin/databaseURL"; }; deployments.server.spec = { selector.matchLabels.app = "atuin"; strategy = { type = "RollingUpdate"; rollingUpdate = { maxSurge = 0; maxUnavailable = 1; }; }; template = { metadata.labels.app = "atuin"; spec = { volumes.database.persistentVolumeClaim.claimName = "database"; containers = { atuin = { image = utils.mkNixNGImage "atuin"; ports.web.containerPort = 8888; env.ATUIN_DB_URI.valueFrom.secretKeyRef = { name = "database"; key = "databaseURL"; }; }; database = { image = globals.images.postgres14; ports.web.containerPort = 5432; env = { POSTGRES_DB.value = "atuin"; POSTGRES_USER.value = "atuin"; POSTGRES_PASSWORD.valueFrom.secretKeyRef = { name = "database"; key = "databasePassword"; }; }; volumeMounts = [ { name = "database"; mountPath = "/var/lib/postgresql/data"; } ]; }; }; }; }; }; services.server.spec = { selector.app = "atuin"; ports.web = { port = 80; targetPort = "web"; }; }; }; lab = { ingresses.server = { host = "atuin.kun.is"; service = { name = "server"; portName = "web"; }; }; longhorn.persistentVolumeClaim.database = { volumeName = "atuin-db"; storage = "300Mi"; }; }; }; }