# KitchenOwl on Kubernetes, gated behind the `kitchenowl.enable` option.
#
# When enabled, this module declares a Secret, a Deployment and a Service
# under `kubernetes.resources`, plus an ingress and a Longhorn-backed PVC
# under `lab`. The `lab.*` options and `globals` are defined outside this
# file, so their exact behaviour cannot be confirmed from here.
{ lib, globals, config, ... }:
let
  # One label set shared by the Deployment selector, the pod template and the
  # Service selector, so the three cannot drift apart.
  appLabels = { app = "kitchenowl"; };
in
{
  options.kitchenowl.enable = lib.mkEnableOption "kitchenowl";

  config = lib.mkIf config.kitchenowl.enable {
    kubernetes.resources = {
      # The value is a reference string, not the key itself; something outside
      # this module has to resolve it (the `ref+sops://` form looks like a
      # vals/sops reference -- confirm against the render pipeline).
      # NOTE(review): after resolution the rendered manifest carries the JWT
      # signing key in clear text under `stringData`; treat rendered output
      # and CI logs as sensitive.
      secrets.server.stringData = {
        jwtSecretKey = "ref+sops://secrets.yml#/kitchenowl/jwtSecretKey";
      };

      deployments.server.spec = {
        selector.matchLabels = appLabels;

        # maxSurge = 0 with maxUnavailable = 1: the running pod is removed
        # before its replacement is created, so two pods never coexist during
        # a rollout (presumably because both would need the same "data"
        # claim -- confirm the volume's access mode).
        strategy = {
          type = "RollingUpdate";
          rollingUpdate = {
            maxSurge = 0;
            maxUnavailable = 1;
          };
        };

        template = {
          metadata.labels = appLabels;

          spec = {
            volumes.data.persistentVolumeClaim.claimName = "data";

            containers.kitchenowl = {
              # The image reference comes from `globals`, which is not shown.
              # NOTE(review): with "IfNotPresent" a node that already holds
              # the tag never re-pulls it, so a mutable tag can leave nodes on
              # different builds; pinning by digest in `globals` avoids that.
              image = globals.images.kitchenowl;
              imagePullPolicy = "IfNotPresent";
              ports.web.containerPort = 8080;

              # The JWT signing key reaches the process as an environment
              # variable read from the "server" Secret declared above.
              env.JWT_SECRET_KEY.valueFrom = {
                secretKeyRef = {
                  name = "server";
                  key = "jwtSecretKey";
                };
              };

              volumeMounts = [
                {
                  name = "data";
                  mountPath = "/data";
                }
              ];

              # NOTE(review): no container-level securityContext is set
              # (runAsNonRoot, allowPrivilegeEscalation, capabilities,
              # readOnlyRootFilesystem) and no resource requests/limits, so
              # the container runs with whatever the image and cluster
              # defaults give it. Check which UID the image needs before
              # tightening.
            };

            # Pod-level context: mounted volume content is made group-owned by
            # GID 0 (the root group). "OnRootMismatch" skips the recursive
            # ownership change when the volume root already matches.
            securityContext = {
              fsGroup = 0;
              fsGroupChangePolicy = "OnRootMismatch";
            };
          };
        };
      };

      # Service port 80 forwards to the container port named "web" (8080).
      services.server.spec = {
        selector = appLabels;
        ports.web = {
          port = 80;
          targetPort = "web";
        };
      };
    };

    lab = {
      # Publishes the Service under this hostname. TLS and any access
      # restriction are decided by the `lab.ingresses` module, which is not
      # visible here -- confirm the app is not reachable over plain HTTP.
      ingresses.web = {
        host = "boodschappen.kun.is";
        service = {
          name = "server";
          portName = "web";
        };
      };

      # Backing storage for the "data" claim mounted at /data.
      longhorn.persistentVolumeClaim.data = {
        volumeName = "kitchenowl";
        storage = "100Mi";
      };
    };
  };
}