kubernetes-deployments/modules/forgejo/default.nix
2024-09-07 12:35:02 +02:00

102 lines
2.3 KiB
Nix

{ lib, config, globals, ... }: {
options.forgejo.enable = lib.mkEnableOption "forgejo";
config = lib.mkIf config.forgejo.enable {
kubernetes.resources = {
secrets.forgejo.stringData.config = lib.generators.toINI { } (import ./config.nix);
deployments.server.spec = {
selector.matchLabels.app = "forgejo";
strategy = {
type = "RollingUpdate";
rollingUpdate = {
maxSurge = 0;
maxUnavailable = 1;
};
};
template = {
metadata.labels.app = "forgejo";
spec = {
# This disables services from becoming environmental variables
# to prevent SSH_PORT clashing with Forgejo config.
enableServiceLinks = false;
containers.forgejo = {
image = globals.images.forgejo;
imagePullPolicy = "IfNotPresent";
env = {
USER_UID.value = "1000";
USER_GID.value = "1000";
};
ports = {
web.containerPort = 3000;
ssh.containerPort = 22;
};
volumeMounts = [
{
name = "data";
mountPath = "/data";
}
{
name = "config";
mountPath = "/data/gitea/conf/app.ini";
subPath = "config";
}
];
};
volumes = {
data.persistentVolumeClaim.claimName = "data";
config.secret.secretName = "forgejo";
};
};
};
};
services = {
web.spec = {
selector.app = "forgejo";
ports.web = {
port = 80;
targetPort = "web";
};
};
ssh.spec = {
type = "LoadBalancer";
loadBalancerIP = globals.gitIPv4;
selector.app = "forgejo";
ports.ssh = {
port = 56287;
targetPort = "ssh";
};
};
};
};
lab = {
ingresses.web = {
host = "git.kun.is";
service = {
name = "web";
portName = "web";
};
};
longhorn.persistentVolumeClaim.data = {
volumeName = "forgejo";
storage = "20Gi";
};
};
};
}