kubernetes-deployments/modules/kitchenowl.nix
2024-09-07 12:35:02 +02:00

76 lines
1.7 KiB
Nix

{ lib, globals, config, ... }: {
options.kitchenowl.enable = lib.mkEnableOption "kitchenowl";
config = lib.mkIf config.kitchenowl.enable {
kubernetes.resources = {
secrets.server.stringData.jwtSecretKey = "ref+sops://secrets.yml#/kitchenowl/jwtSecretKey";
deployments.server.spec = {
selector.matchLabels.app = "kitchenowl";
strategy = {
type = "RollingUpdate";
rollingUpdate = {
maxSurge = 0;
maxUnavailable = 1;
};
};
template = {
metadata.labels.app = "kitchenowl";
spec = {
volumes.data.persistentVolumeClaim.claimName = "data";
containers.kitchenowl = {
image = globals.images.kitchenowl;
ports.web.containerPort = 8080;
imagePullPolicy = "IfNotPresent";
env.JWT_SECRET_KEY.valueFrom.secretKeyRef = {
name = "server";
key = "jwtSecretKey";
};
volumeMounts = [{
name = "data";
mountPath = "/data";
}];
};
securityContext = {
fsGroup = 0;
fsGroupChangePolicy = "OnRootMismatch";
};
};
};
};
services.server.spec = {
selector.app = "kitchenowl";
ports.web = {
port = 80;
targetPort = "web";
};
};
};
lab = {
ingresses.web = {
host = "boodschappen.kun.is";
service = {
name = "server";
portName = "web";
};
};
longhorn.persistentVolumeClaim.data = {
volumeName = "kitchenowl";
storage = "100Mi";
};
};
};
}