kubernetes-deployments/modules/attic.nix

174 lines
4 KiB
Nix

{
self,
utils,
lib,
config,
globals,
...
}: {
options.attic.enable = lib.mkEnableOption "attic";
config = lib.mkIf config.attic.enable {
kubernetes.resources = {
secrets = {
server.stringData.token = "ref+sops://secrets.yml#attic/jwtToken";
database.stringData = {
password = "ref+sops://secrets.yml#/attic/databasePassword";
url = "ref+sops://secrets.yml#/attic/databaseURL+";
};
};
deployments = {
attic.spec = {
selector.matchLabels = {
app = "attic";
component = "website";
};
strategy = {
type = "RollingUpdate";
rollingUpdate = {
maxSurge = 0;
maxUnavailable = 1;
};
};
template = {
metadata.labels = {
app = "attic";
component = "website";
};
spec = {
containers.attic = {
image = utils.mkNixNGImage "attic";
ports.web.containerPort = 8080;
env = {
ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64.valueFrom.secretKeyRef = {
name = "server";
key = "token";
};
ATTIC_SERVER_DATABASE_URL.valueFrom.secretKeyRef = {
name = "database";
key = "url";
};
};
volumeMounts = [
{
name = "data";
mountPath = "/var/lib/atticd/storage";
}
];
};
volumes = {
data.persistentVolumeClaim.claimName = "data";
server.secret.secretName = "server";
};
securityContext = {
fsGroup = 0;
fsGroupChangePolicy = "OnRootMismatch";
};
};
};
};
attic-db.spec = {
selector.matchLabels = {
app = "attic";
component = "database";
};
template = {
metadata.labels = {
app = "attic";
component = "database";
};
spec = {
containers.postgres = {
image = globals.images.postgres15;
imagePullPolicy = "IfNotPresent";
ports.postgres.containerPort = 5432;
env = {
POSTGRES_DB.value = "attic";
POSTGRES_USER.value = "attic";
PGDATA.value = "/pgdata/data";
POSTGRES_PASSWORD.valueFrom.secretKeyRef = {
name = "database";
key = "password";
};
};
volumeMounts = [
{
name = "data";
mountPath = "/pgdata";
}
];
};
volumes.data.persistentVolumeClaim.claimName = "database";
};
};
};
};
services = {
attic.spec = {
selector = {
app = "attic";
component = "website";
};
ports.web = {
port = 80;
targetPort = "web";
};
};
database.spec = {
selector = {
app = "attic";
component = "database";
};
ports.postgres = {
port = 5432;
targetPort = "postgres";
};
};
};
};
lab = {
ingresses.attic = {
host = "attic.kun.is";
service = {
name = "attic";
portName = "web";
};
};
longhorn.persistentVolumeClaim = {
data = {
volumeName = "attic";
storage = "15Gi";
};
database = {
volumeName = "attic-db";
storage = "150Mi";
};
};
};
};
}