# HedgeDoc module: declares the `hedgedoc.enable` option and, when it is set,
# emits the Kubernetes resources (ConfigMap, Secret, two Deployments, two
# Services) plus the lab-level ingress and Longhorn volume claims.
{ config, lib, globals, ... }:
let
  # Label sets shared by each Deployment's selector, its pod template and the
  # matching Service selector; these must stay in sync for traffic to route.
  websiteLabels = {
    app = "hedgedoc";
    component = "website";
  };
  databaseLabels = {
    app = "hedgedoc";
    component = "database";
  };

  # maxSurge = 0 with maxUnavailable = 1: the old pod is taken down before its
  # replacement is created.
  # presumably chosen because each pod mounts a single persistent volume; confirm
  replaceInPlace = {
    type = "RollingUpdate";
    rollingUpdate = {
      maxSurge = 0;
      maxUnavailable = 1;
    };
  };

  # Builds a secretKeyRef into the "hedgedoc" Secret defined below.
  fromSecret = key: {
    name = "hedgedoc";
    inherit key;
  };
in
{
  options.hedgedoc.enable = lib.mkEnableOption "hedgedoc";

  config = lib.mkIf config.hedgedoc.enable {
    kubernetes.resources = {
      # Mounted into the website container as /hedgedoc/config.json.
      # useSSL = false here while CMD_PROTOCOL_USESSL is "true" below.
      # presumably TLS is terminated in front of the pod (ingress); confirm
      configMaps.hedgedoc-config.data.config = lib.generators.toJSON { } {
        useSSL = false;
      };

      # Only ref+sops:// references are stored in this module; the values live
      # in secrets.yml.
      # NOTE(review): the step that resolves these references is not visible
      # here; confirm the rendered manifests with plaintext values are not
      # committed or logged.
      secrets.hedgedoc.stringData = {
        databaseURL = "ref+sops://secrets.yml#/hedgedoc/databaseURL";
        sessionSecret = "ref+sops://secrets.yml#/hedgedoc/sessionSecret";
        databasePassword = "ref+sops://secrets.yml#/hedgedoc/databasePassword";
      };

      deployments = {
        # HedgeDoc web application.
        server.spec = {
          selector.matchLabels = websiteLabels;
          strategy = replaceInPlace;
          template = {
            metadata.labels = websiteLabels;
            spec = {
              # Pod-level settings only: volumes are group-owned by 65534.
              # NOTE(review): no container-level securityContext
              # (runAsNonRoot, allowPrivilegeEscalation, capabilities) is set
              # for this pod in this module; confirm whether it is applied
              # elsewhere.
              securityContext = {
                fsGroup = 65534;
                fsGroupChangePolicy = "OnRootMismatch";
              };

              volumes = {
                uploads.persistentVolumeClaim.claimName = "uploads";
                config.configMap.name = "hedgedoc-config";
              };

              containers.hedgedoc = {
                # NOTE(review): the image reference comes from `globals`;
                # whether it is pinned by digest cannot be told from here.
                image = globals.images.hedgedoc;
                ports.web.containerPort = 3000;

                volumeMounts = [
                  {
                    name = "uploads";
                    mountPath = "/hedgedoc/public/uploads";
                  }
                  {
                    # subPath mounts the single "config" key as a file.
                    name = "config";
                    mountPath = "/hedgedoc/config.json";
                    subPath = "config";
                  }
                ];

                env = {
                  # Public URL construction.
                  CMD_DOMAIN.value = "md.kun.is";
                  CMD_PORT.value = "3000";
                  CMD_URL_ADDPORT.value = "false";
                  CMD_PROTOCOL_USESSL.value = "true";

                  # Access policy: anonymous use is on, e-mail sign-up is off.
                  CMD_ALLOW_ANONYMOUS.value = "true";
                  CMD_ALLOW_EMAIL_REGISTER.value = "false";

                  # NOTE(review): this turns off HedgeDoc's
                  # Content-Security-Policy header. Combined with anonymous
                  # access above, the browser-side defence against script
                  # injection in rendered notes is absent; confirm this is
                  # intentional and document why.
                  CMD_CSP_ENABLE.value = "false";

                  # Credentials are injected from the Secret, not inlined.
                  CMD_DB_URL.valueFrom.secretKeyRef = fromSecret "databaseURL";
                  CMD_SESSION_SECRET.valueFrom.secretKeyRef = fromSecret "sessionSecret";
                };
              };
            };
          };
        };

        # PostgreSQL backing store.
        database.spec = {
          selector.matchLabels = databaseLabels;
          strategy = replaceInPlace;
          template = {
            metadata.labels = databaseLabels;
            spec = {
              # NOTE(review): no pod- or container-level securityContext is
              # set for the database pod in this module.
              volumes.database.persistentVolumeClaim.claimName = "database";

              containers.postgres = {
                image = globals.images.postgres15;
                imagePullPolicy = "IfNotPresent";
                ports.postgres.containerPort = 5432;

                volumeMounts = [
                  {
                    name = "database";
                    mountPath = "/pgdata";
                  }
                ];

                env = {
                  POSTGRES_DB.value = "hedgedoc";
                  POSTGRES_USER.value = "hedgedoc";
                  # Data directory is a subdirectory of the /pgdata mount.
                  PGDATA.value = "/pgdata/data";
                  # presumably the same password that is embedded in
                  # databaseURL; keep the two secrets.yml entries in sync
                  POSTGRES_PASSWORD.valueFrom.secretKeyRef = fromSecret "databasePassword";
                };
              };
            };
          };
        };
      };

      services = {
        # Port 80 on the Service forwards to the container port named "web".
        server.spec = {
          selector = websiteLabels;
          ports.web = {
            port = 80;
            targetPort = "web";
          };
        };

        # NOTE(review): no NetworkPolicy is defined in this module, so whether
        # port 5432 is reachable only from the website pod depends on policy
        # set elsewhere; confirm.
        database.spec = {
          selector = databaseLabels;
          ports.postgres = {
            port = 5432;
            targetPort = "postgres";
          };
        };
      };
    };

    lab = {
      # External hostname routed to the "server" Service's "web" port.
      ingresses.web = {
        host = "md.kun.is";
        service = {
          name = "server";
          portName = "web";
        };
      };

      # Longhorn-backed claims referenced by the two Deployments above.
      longhorn.persistentVolumeClaim = {
        uploads = {
          volumeName = "hedgedoc-uploads";
          storage = "50Mi";
        };
        database = {
          volumeName = "hedgedoc-db";
          storage = "100Mi";
        };
      };
    };
  };
}