nixos-servers/flake-parts/kubenix/freshrss.nix

121 lines
2.7 KiB
Nix
Raw Normal View History

2024-03-26 19:26:02 +00:00
{
kubernetes.resources = {
configMaps.freshrss.data = {
TZ = "Europe/Amsterdam";
CRON_MIN = "2,32";
ADMIN_EMAIL = "pim@kunis.nl";
PUBLISHED_PORT = "443";
};
# TODO: encrypt this with sops and commit to git repo.
secrets.freshrss.stringData.adminPassword = "ref+file:///home/pim/.config/home/vals.yaml#/freshrss/password";
2024-03-26 19:26:02 +00:00
deployments.freshrss = {
metadata.labels.app = "freshrss";
spec = {
selector.matchLabels.app = "freshrss";
template = {
metadata.labels.app = "freshrss";
spec = {
containers.freshrss = {
image = "freshrss/freshrss:edge";
2024-03-27 20:20:22 +00:00
envFrom = [{ configMapRef.name = "freshrss"; }];
2024-03-26 19:26:02 +00:00
ports = [{
containerPort = 80;
protocol = "TCP";
}];
env = [
{
name = "ADMIN_PASSWORD";
2024-03-27 20:20:22 +00:00
2024-03-26 19:26:02 +00:00
valueFrom.secretKeyRef = {
name = "freshrss";
key = "adminPassword";
};
}
{
name = "ADMIN_API_PASSWORD";
2024-03-27 20:20:22 +00:00
2024-03-26 19:26:02 +00:00
valueFrom.secretKeyRef = {
name = "freshrss";
key = "adminPassword";
};
}
];
volumeMounts = [{
name = "data";
mountPath = "/var/www/FreshRSS/data";
}];
};
volumes = [{
name = "data";
persistentVolumeClaim.claimName = "freshrss";
}];
};
};
};
};
2024-03-27 20:20:22 +00:00
persistentVolumes.freshrss.spec = {
capacity.storage = "1Mi";
accessModes = [ "ReadWriteMany" ];
nfs = {
2024-04-12 21:31:10 +00:00
server = "lewis.dmz";
2024-03-27 20:20:22 +00:00
path = "/mnt/data/nfs/freshrss/data";
};
};
persistentVolumeClaims.freshrss.spec = {
accessModes = [ "ReadWriteMany" ];
storageClassName = "";
resources.requests.storage = "1Mi";
volumeName = "freshrss";
};
2024-03-26 19:26:02 +00:00
services.freshrss.spec = {
selector.app = "freshrss";
ports = [{
protocol = "TCP";
port = 80;
targetPort = 80;
}];
};
ingresses.freshrss = {
metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt";
2024-03-26 19:26:02 +00:00
spec = {
ingressClassName = "traefik";
2024-03-26 19:26:02 +00:00
rules = [{
host = "rss.kun.is";
2024-03-26 19:26:02 +00:00
http.paths = [{
path = "/";
pathType = "Prefix";
backend.service = {
name = "freshrss";
port.number = 80;
};
}];
2024-03-26 19:26:02 +00:00
}];
tls = [{
secretName = "freshrss-tls";
hosts = [ "rss.kun.is" ];
}];
};
2024-03-26 19:26:02 +00:00
};
};
}