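# KitchenOwl module: declares the `kitchenowl.enable` option and, when it is
# set, the Kubernetes Secret, Deployment and Service for the server plus the
# `lab` ingress and Longhorn volume claim that back it.
#
# Secret handling: values written as `ref+sops://...` are placeholders that
# are presumably resolved from the sops-encrypted secrets.yml when the
# manifests are rendered (confirm against the deploy pipeline). Once resolved,
# the plaintext ends up in whichever object holds the string, so every
# confidential value is kept in the Secret and injected with `secretKeyRef`
# rather than written into the Deployment's pod template.
{
  lib,
  globals,
  config,
  ...
}:
{
  options.kitchenowl.enable = lib.mkEnableOption "kitchenowl";

  config = lib.mkIf config.kitchenowl.enable {
    kubernetes.resources = {
      # Single Secret holding everything the container must not expose through
      # the Deployment spec.
      secrets.server.stringData = {
        jwtSecretKey = "ref+sops://secrets.yml#/kitchenowl/jwtSecretKey";
        # Previously set as a literal env `value` on the container, which would
        # put the resolved client secret into the Deployment object (readable by
        # anyone allowed to get Deployments/Pods, and kept in rollout history).
        oidcClientSecret = "ref+sops://secrets.yml#/authentik/oauth2/kitchenowl/client_secret";
      };

      deployments.server.spec = {
        selector.matchLabels.app = "kitchenowl";

        # Never run a second pod next to the old one: the replacement is only
        # started after the current pod is taken down.
        # Presumably required because both would mount the same "data" claim
        # (verify the claim's access mode).
        strategy = {
          type = "RollingUpdate";
          rollingUpdate = {
            maxSurge = 0;
            maxUnavailable = 1;
          };
        };

        template = {
          metadata.labels.app = "kitchenowl";

          spec = {
            volumes.data.persistentVolumeClaim.claimName = "data";

            containers.kitchenowl = {
              image = globals.images.kitchenowl;
              ports.web.containerPort = 8080;
              imagePullPolicy = "IfNotPresent";

              env = {
                FRONT_URL.value = "https://boodschappen.kun.is";
                OIDC_ISSUER.value = "https://authentik.kun.is/application/o/kitchenowl/";
                # An OAuth2 client ID is an identifier, not a credential, so it
                # can stay inline.
                OIDC_CLIENT_ID.value = "OptR5S9hPix9beuJWFdfNBWRBr2l0nPx7mj8FpB3";

                # Confidential values are read from the "server" Secret above.
                OIDC_CLIENT_SECRET.valueFrom.secretKeyRef = {
                  name = "server";
                  key = "oidcClientSecret";
                };
                JWT_SECRET_KEY.valueFrom.secretKeyRef = {
                  name = "server";
                  key = "jwtSecretKey";
                };
              };

              volumeMounts = [
                {
                  name = "data";
                  mountPath = "/data";
                }
              ];
            };

            # NOTE(review): fsGroup 0 is the root group, so the mounted volume is
            # made group-owned by GID 0. No runAsUser / runAsNonRoot /
            # allowPrivilegeEscalation settings are declared here, so the
            # container runs with whatever user and privileges the image
            # defaults to. Confirm whether the image can run unprivileged before
            # tightening this.
            securityContext = {
              fsGroup = 0;
              # Only re-own the volume when its root directory does not already
              # match, instead of walking the whole tree on every mount.
              fsGroupChangePolicy = "OnRootMismatch";
            };
          };
        };
      };

      # Cluster-internal Service: port 80 forwards to the container's named
      # "web" port (8080).
      services.server.spec = {
        selector.app = "kitchenowl";
        ports.web = {
          port = 80;
          targetPort = "web";
        };
      };
    };

    lab = {
      # Public hostname routed to the "server" Service's "web" port; matches
      # FRONT_URL above.
      ingresses.web = {
        host = "boodschappen.kun.is";
        service = {
          name = "server";
          portName = "web";
        };
      };

      # Backing storage for the "data" claim mounted at /data.
      longhorn.persistentVolumeClaim.data = {
        volumeName = "kitchenowl";
        storage = "100Mi";
      };
    };
  };
}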