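# Kubernetes resources for KitchenOwl, enabled via `kitchenowl.enable`.
#
# Declares a Secret, a Deployment, a Service, an ingress and a persistent
# volume claim for a single "kitchenowl" container listening on port 8080.
# Strings of the form "ref+sops://..." are secret references, not literal
# values; they are expected to be resolved from the sops-encrypted
# secrets.yml when the manifests are rendered.
{
  lib,
  globals,
  config,
  ...
}: {
  options.kitchenowl.enable = lib.mkEnableOption "kitchenowl";

  config = lib.mkIf config.kitchenowl.enable {
    kubernetes.resources = {
      # All sensitive values live in the "server" Secret and reach the
      # container through secretKeyRef. A resolved reference placed directly
      # in an env `value` would end up in clear text in the Deployment and Pod
      # specs, readable by anyone allowed to get those objects.
      secrets.server.stringData = {
        jwtSecretKey = "ref+sops://secrets.yml#/kitchenowl/jwtSecretKey";
        oidcClientSecret = "ref+sops://secrets.yml#/authentik/oauth2/kitchenowl/client_secret";
      };

      deployments.server.spec = {
        selector.matchLabels.app = "kitchenowl";

        # maxSurge = 0 with maxUnavailable = 1 removes the old pod before the
        # new one is created, so two pods never run side by side.
        # NOTE(review): presumably required because the "data" volume cannot
        # be attached to two pods at once; confirm against the PVC access mode.
        strategy = {
          type = "RollingUpdate";

          rollingUpdate = {
            maxSurge = 0;
            maxUnavailable = 1;
          };
        };

        template = {
          metadata.labels.app = "kitchenowl";

          spec = {
            volumes.data.persistentVolumeClaim.claimName = "data";

            containers.kitchenowl = {
              image = globals.images.kitchenowl;
              ports.web.containerPort = 8080;
              imagePullPolicy = "IfNotPresent";

              env = {
                FRONT_URL.value = "https://boodschappen.kun.is";
                OIDC_ISSUER.value = "https://authentik.kun.is/application/o/kitchenowl/";
                # The client ID is an identifier, not a credential, so it may
                # stay inline; the matching client secret must not.
                OIDC_CLIENT_ID.value = "OptR5S9hPix9beuJWFdfNBWRBr2l0nPx7mj8FpB3";

                OIDC_CLIENT_SECRET.valueFrom.secretKeyRef = {
                  name = "server";
                  key = "oidcClientSecret";
                };

                JWT_SECRET_KEY.valueFrom.secretKeyRef = {
                  name = "server";
                  key = "jwtSecretKey";
                };
              };

              volumeMounts = [
                {
                  name = "data";
                  mountPath = "/data";
                }
              ];
            };

            # fsGroup = 0 makes the mounted volume group-owned by the root
            # group; OnRootMismatch skips the recursive ownership change when
            # the volume root already matches.
            # NOTE(review): no runAsNonRoot / runAsUser is set for the
            # container here; check whether the image can run as an
            # unprivileged user with a non-zero fsGroup.
            securityContext = {
              fsGroup = 0;
              fsGroupChangePolicy = "OnRootMismatch";
            };
          };
        };
      };

      # Cluster-internal Service: port 80 forwards to the container port
      # named "web" (8080).
      services.server.spec = {
        selector.app = "kitchenowl";

        ports.web = {
          port = 80;
          targetPort = "web";
        };
      };
    };

    lab = {
      # Publishes the "server" Service under the same host name that
      # FRONT_URL advertises to the application.
      ingresses.web = {
        host = "boodschappen.kun.is";

        service = {
          name = "server";
          portName = "web";
        };
      };

      # Backs the "data" claim mounted at /data in the container.
      longhorn.persistentVolumeClaim.data = {
        volumeName = "kitchenowl";
        storage = "100Mi";
      };
    };
  };
}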