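# Module that deploys an attic server (web component) with a dedicated
# PostgreSQL 15 backend on the cluster. Enabled through `attic.enable`.
#
# Module arguments:
#   utils   - provides `mkNixNGImage`, used to build the attic image
#   lib     - nixpkgs lib (`mkEnableOption`, `mkIf`)
#   config  - the evaluated module configuration (read for `attic.enable`)
#   globals - shared values, here `globals.images.postgres15`
{ self, utils, lib, config, globals, ... }:
{
  options.attic.enable = lib.mkEnableOption "attic";

  config = lib.mkIf config.attic.enable {
    kubernetes.resources = {
      # Secret material is not inlined: each value is a vals `ref+sops://`
      # reference resolved from secrets.yml at deploy time.
      secrets = {
        # NOTE(review): this fragment is written `#attic/jwtToken` while the
        # two references below use `#/attic/...`; left as-is, but confirm the
        # resolver accepts both spellings or align them.
        server.stringData.token = "ref+sops://secrets.yml#attic/jwtToken";
        database.stringData = {
          password = "ref+sops://secrets.yml#/attic/databasePassword";
          # Trailing `+`: the resolved value is itself evaluated for nested refs.
          url = "ref+sops://secrets.yml#/attic/databaseURL+";
        };
      };

      deployments = {
        # The attic web server. It keeps its storage on a single PVC, so the
        # rollout is forced to replace in place (no surge pod).
        attic.spec = {
          selector.matchLabels = { app = "attic"; component = "website"; };
          strategy = {
            type = "RollingUpdate";
            rollingUpdate = { maxSurge = 0; maxUnavailable = 1; };
          };
          template = {
            metadata.labels = { app = "attic"; component = "website"; };
            spec = {
              containers.attic = {
                image = utils.mkNixNGImage "attic";
                ports.web.containerPort = 8080;
                # Both the HS256 signing secret and the database URL reach the
                # process as environment variables sourced from the Secrets.
                env = {
                  ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64.valueFrom.secretKeyRef = {
                    name = "server";
                    key = "token";
                  };
                  ATTIC_SERVER_DATABASE_URL.valueFrom.secretKeyRef = {
                    name = "database";
                    key = "url";
                  };
                };
                volumeMounts = [
                  { name = "data"; mountPath = "/var/lib/atticd/storage"; }
                ];
              };
              # Only the data PVC is mounted; the token is delivered via env,
              # so no Secret volume is declared here (the previous `server`
              # secret volume had no matching volumeMount).
              volumes = {
                data.persistentVolumeClaim.claimName = "data";
              };
              # Files on the mounted volume are group-owned by GID 0; ownership
              # is only rewritten when the volume root does not already match.
              securityContext = { fsGroup = 0; fsGroupChangePolicy = "OnRootMismatch"; };
            };
          };
        };

        # PostgreSQL backing the attic server.
        attic-db.spec = {
          selector.matchLabels = { app = "attic"; component = "database"; };
          # Recreate: the database PVC is a single Longhorn volume (assumed
          # single-attach), and the default RollingUpdate would start a new
          # postgres pod before the old one has released PGDATA. Recreate
          # guarantees at most one postgres instance owns the data directory
          # at any time; the cost is a short outage per rollout.
          strategy.type = "Recreate";
          template = {
            metadata.labels = { app = "attic"; component = "database"; };
            spec = {
              containers.postgres = {
                image = globals.images.postgres15;
                imagePullPolicy = "IfNotPresent";
                ports.postgres.containerPort = 5432;
                env = {
                  POSTGRES_DB.value = "attic";
                  POSTGRES_USER.value = "attic";
                  # PGDATA is placed in a subdirectory of the mount so the
                  # volume root (e.g. lost+found) does not confuse initdb.
                  PGDATA.value = "/pgdata/data";
                  POSTGRES_PASSWORD.valueFrom.secretKeyRef = {
                    name = "database";
                    key = "password";
                  };
                };
                volumeMounts = [
                  { name = "data"; mountPath = "/pgdata"; }
                ];
              };
              volumes.data.persistentVolumeClaim.claimName = "database";
            };
          };
        };
      };

      services = {
        attic.spec = {
          selector = { app = "attic"; component = "website"; };
          ports.web = { port = 80; targetPort = "web"; };
        };
        # Cluster-internal Service for postgres. Nothing on this page restricts
        # which workloads may reach it; access relies on the database password
        # alone unless a NetworkPolicy is defined elsewhere.
        database.spec = {
          selector = { app = "attic"; component = "database"; };
          ports.postgres = { port = 5432; targetPort = "postgres"; };
        };
      };
    };

    lab = {
      # External entry point; routed to the `web` port of the attic Service.
      ingresses.attic = {
        host = "attic.kun.is";
        service = { name = "attic"; portName = "web"; };
      };
      # Longhorn-backed claims referenced by the deployments above.
      longhorn.persistentVolumeClaim = {
        data = { volumeName = "attic"; storage = "15Gi"; };
        database = { volumeName = "attic-db"; storage = "150Mi"; };
      };
    };
  };
}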