90 lines
2.2 KiB
Nix
90 lines
2.2 KiB
Nix
{
|
|
lib,
|
|
globals,
|
|
config,
|
|
...
|
|
}: {
|
|
options.kitchenowl.enable = lib.mkEnableOption "kitchenowl";
|
|
|
|
config = lib.mkIf config.kitchenowl.enable {
|
|
kubernetes.resources = {
|
|
secrets.server.stringData.jwtSecretKey = "ref+sops://secrets.yml#/kitchenowl/jwtSecretKey";
|
|
|
|
deployments.server.spec = {
|
|
selector.matchLabels.app = "kitchenowl";
|
|
|
|
strategy = {
|
|
type = "RollingUpdate";
|
|
|
|
rollingUpdate = {
|
|
maxSurge = 0;
|
|
maxUnavailable = 1;
|
|
};
|
|
};
|
|
|
|
template = {
|
|
metadata.labels.app = "kitchenowl";
|
|
|
|
spec = {
|
|
volumes.data.persistentVolumeClaim.claimName = "data";
|
|
|
|
containers.kitchenowl = {
|
|
image = globals.images.kitchenowl;
|
|
ports.web.containerPort = 8080;
|
|
imagePullPolicy = "IfNotPresent";
|
|
|
|
env = {
|
|
FRONT_URL.value = "https://boodschappen.kun.is";
|
|
OIDC_ISSUER.value = "https://authentik.kun.is/application/o/kitchenowl/";
|
|
OIDC_CLIENT_ID.value = "OptR5S9hPix9beuJWFdfNBWRBr2l0nPx7mj8FpB3";
|
|
OIDC_CLIENT_SECRET.value = "ref+sops://secrets.yml#/authentik/oauth2/kitchenowl/client_secret";
|
|
|
|
JWT_SECRET_KEY.valueFrom.secretKeyRef = {
|
|
name = "server";
|
|
key = "jwtSecretKey";
|
|
};
|
|
};
|
|
|
|
volumeMounts = [
|
|
{
|
|
name = "data";
|
|
mountPath = "/data";
|
|
}
|
|
];
|
|
};
|
|
|
|
securityContext = {
|
|
fsGroup = 0;
|
|
fsGroupChangePolicy = "OnRootMismatch";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
services.server.spec = {
|
|
selector.app = "kitchenowl";
|
|
|
|
ports.web = {
|
|
port = 80;
|
|
targetPort = "web";
|
|
};
|
|
};
|
|
};
|
|
|
|
lab = {
|
|
ingresses.web = {
|
|
host = "boodschappen.kun.is";
|
|
|
|
service = {
|
|
name = "server";
|
|
portName = "web";
|
|
};
|
|
};
|
|
|
|
longhorn.persistentVolumeClaim.data = {
|
|
volumeName = "kitchenowl";
|
|
storage = "100Mi";
|
|
};
|
|
};
|
|
};
|
|
}
|