# FreshRSS module: when `freshrss.enable` is set, declares the Kubernetes
# Secret, Deployment and Service for FreshRSS, plus the `lab` entries for a
# Tailscale ingress and a Longhorn-backed volume claim.
{
  config,
  lib,
  globals,
  ...
}:
let
  # Label value shared by the Deployment selector, the pod template and the
  # Service selector; all three must agree for traffic to reach the pod.
  appLabel = "freshrss";

  # Points at the `adminPassword` key of the `server` Secret declared below.
  adminPasswordRef = {
    name = "server";
    key = "adminPassword";
  };
in
{
  options.freshrss.enable = lib.mkEnableOption "freshrss";

  config = lib.mkIf config.freshrss.enable {
    kubernetes.resources = {
      # The value is a `ref+sops://` reference, not the password itself.
      # NOTE(review): presumably resolved at deploy time; confirm the rendered
      # manifest with the plaintext never ends up in the Nix store or in VCS.
      secrets.server.stringData.adminPassword = "ref+sops://secrets.yml#/freshrss/password";

      deployments.server.spec = {
        selector.matchLabels.app = appLabel;

        # maxSurge = 0 with maxUnavailable = 1: the old pod is removed before
        # its replacement is created.
        # NOTE(review): presumably because the `data` claim cannot be mounted
        # by two pods at once; confirm against the volume's access mode.
        strategy.type = "RollingUpdate";
        strategy.rollingUpdate = {
          maxSurge = 0;
          maxUnavailable = 1;
        };

        template.metadata.labels.app = appLabel;
        template.spec = {
          # NOTE(review): no container-level securityContext and no resource
          # requests/limits are set in this block; confirm whether defaults
          # are applied elsewhere.
          containers.freshrss = {
            image = globals.images.freshrss;
            imagePullPolicy = "IfNotPresent";
            ports.web = {
              containerPort = 80;
            };

            env = {
              TZ.value = "Europe/Amsterdam";
              CRON_MIN.value = "2,32";
              ADMIN_EMAIL.value = "pim@kunis.nl";
              PUBLISHED_PORT.value = "443";

              # Both variables read the same Secret key, so the web admin
              # password and the API password are identical.
              # NOTE(review): a leak of either one discloses the other;
              # consider a separate Secret key for the API password.
              ADMIN_PASSWORD.valueFrom.secretKeyRef = adminPasswordRef;
              ADMIN_API_PASSWORD.valueFrom.secretKeyRef = adminPasswordRef;
            };

            volumeMounts = [
              {
                name = "data";
                mountPath = "/var/www/FreshRSS/data";
              }
            ];
          };

          volumes.data.persistentVolumeClaim.claimName = "data";

          # NOTE(review): GID 33 is presumably the web-server group inside the
          # image; verify against the image in `globals.images.freshrss`.
          securityContext = {
            fsGroup = 33;
            fsGroupChangePolicy = "OnRootMismatch";
          };
        };
      };

      # NOTE(review): this exposes port 80 (plain HTTP) on
      # `globals.freshrssIPv4` while PUBLISHED_PORT is 443 and a Tailscale
      # ingress is declared as well. Confirm that TLS is terminated in front
      # of this address and that the LoadBalancer exposure is still required;
      # logins sent to port 80 directly would travel unencrypted.
      services.server.spec = {
        type = "LoadBalancer";
        loadBalancerIP = globals.freshrssIPv4;
        selector.app = appLabel;
        ports.web = {
          port = 80;
          targetPort = "web";
        };
      };
    };

    # Ingress entry pointing host `freshrss` at the `server` Service.
    lab.tailscaleIngresses.tailscale = {
      host = "freshrss";
      service.name = "server";
    };

    # Backing claim for the `data` volume mounted by the container above.
    lab.longhorn.persistentVolumeClaim.data = {
      volumeName = "freshrss";
      storage = "1Gi";
    };
  };
}