From 17f507d2770365af855696b789d65e148e82f712 Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Sun, 14 Jul 2024 19:59:49 +0200 Subject: [PATCH] feat(kitchenowl): Move to separate k8s namespace --- README.md | 1 + flake-parts/kubenix.nix | 2 ++ kubenix-modules/all.nix | 1 - kubenix-modules/base.nix | 1 + kubenix-modules/kitchenowl.nix | 65 ++++++++++++++++++++-------------- kubenix-modules/volumes.nix | 2 +- 6 files changed, 43 insertions(+), 29 deletions(-) diff --git a/README.md b/README.md index 94d4fd1..578cf99 100644 --- a/README.md +++ b/README.md @@ -60,6 +60,7 @@ Currently, the applications being deployed like this are: - `blog` - `nextcloud` - `hedgedoc` +- `kitchenowl` ## Known bugs diff --git a/flake-parts/kubenix.nix b/flake-parts/kubenix.nix index e19bfb6..9906434 100644 --- a/flake-parts/kubenix.nix +++ b/flake-parts/kubenix.nix @@ -80,4 +80,6 @@ "${self}/kubenix-modules/nextcloud.nix" "nextcloud" "nextcloud"; kubenix.hedgedoc = mkDeployScriptAndManifest "${self}/kubenix-modules/hedgedoc.nix" "hedgedoc" "hedgedoc"; + kubenix.kitchenowl = mkDeployScriptAndManifest + "${self}/kubenix-modules/kitchenowl.nix" "kitchenowl" "kitchenowl"; }) diff --git a/kubenix-modules/all.nix b/kubenix-modules/all.nix index 6a722aa..033e366 100644 --- a/kubenix-modules/all.nix +++ b/kubenix-modules/all.nix @@ -4,7 +4,6 @@ let ./syncthing.nix ./pihole.nix ./paperless.nix - ./kitchenowl.nix ./forgejo ./media.nix ./bind9 diff --git a/kubenix-modules/base.nix b/kubenix-modules/base.nix index 5210af5..968a3a6 100644 --- a/kubenix-modules/base.nix +++ b/kubenix-modules/base.nix @@ -68,6 +68,7 @@ atuin = { }; nextcloud = { }; hedgedoc = { }; + kitchenowl = { }; }; nodes = diff --git a/kubenix-modules/kitchenowl.nix b/kubenix-modules/kitchenowl.nix index c65ae29..611279c 100644 --- a/kubenix-modules/kitchenowl.nix +++ b/kubenix-modules/kitchenowl.nix 
@@ -1,44 +1,50 @@ { kubernetes.resources = { - secrets.kitchenowl.stringData.jwtSecretKey = "ref+sops://secrets/kubernetes.yaml#/kitchenowl/jwtSecretKey"; + secrets.server.stringData.jwtSecretKey = "ref+sops://secrets/kubernetes.yaml#/kitchenowl/jwtSecretKey"; - deployments.kitchenowl = { - metadata.labels.app = "kitchenowl"; + deployments.server.spec = { + selector.matchLabels.app = "kitchenowl"; - spec = { - selector.matchLabels.app = "kitchenowl"; + strategy = { + type = "RollingUpdate"; - template = { - metadata.labels.app = "kitchenowl"; + rollingUpdate = { + maxSurge = 0; + maxUnavailable = 1; + }; + }; - spec = { - volumes.data.persistentVolumeClaim.claimName = "kitchenowl"; + template = { + metadata.labels.app = "kitchenowl"; - containers.kitchenowl = { - image = "tombursch/kitchenowl:v0.5.1"; - ports.web.containerPort = 8080; + spec = { + volumes.data.persistentVolumeClaim.claimName = "data"; - env.JWT_SECRET_KEY.valueFrom.secretKeyRef = { - name = "kitchenowl"; - key = "jwtSecretKey"; - }; + containers.kitchenowl = { + image = "tombursch/kitchenowl:v0.5.1"; + ports.web.containerPort = 8080; + imagePullPolicy = "Always"; - volumeMounts = [{ - name = "data"; - mountPath = "/data"; - }]; + env.JWT_SECRET_KEY.valueFrom.secretKeyRef = { + name = "server"; + key = "jwtSecretKey"; }; - securityContext = { - fsGroup = 0; - fsGroupChangePolicy = "OnRootMismatch"; - }; + volumeMounts = [{ + name = "data"; + mountPath = "/data"; + }]; + }; + + securityContext = { + fsGroup = 0; + fsGroupChangePolicy = "OnRootMismatch"; }; }; }; }; - services.kitchenowl.spec = { + services.server.spec = { selector.app = "kitchenowl"; ports.web = { @@ -49,13 +55,18 @@ }; lab = { - ingresses.kitchenowl = { + ingresses.web = { host = "boodschappen.kun.is"; service = { - name = "kitchenowl"; + name = "server"; portName = "web"; }; }; + + longhorn.persistentVolumeClaim.data = { + volumeName = "kitchenowl"; + storage = "100Mi"; + }; }; } 
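Review bot: `imagePullPolicy = "Always"` is added to `containers.kitchenowl` while the image is still referenced by the mutable tag `tombursch/kitchenowl:v0.5.1`, so every pod restart re-resolves that tag against the registry and runs whatever is published under it at that moment. Pinning the reference by digest, e.g. `image = "tombursch/kitchenowl:v0.5.1@sha256:<digest-of-reviewed-image>";` (placeholder; take the value from the image you actually vetted), fixes the content that runs regardless of pull policy. The pod spec carried into the new namespace also keeps `securityContext.fsGroup = 0` and sets no container-level `securityContext`. If the image can run unprivileged, a non-root `fsGroup` and `securityContext.allowPrivilegeEscalation = false;` on the container would be worth adding here; otherwise add a short comment saying why group 0 is needed on `/data`.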
diff --git a/kubenix-modules/volumes.nix b/kubenix-modules/volumes.nix index a09a69d..1747d59 100644 --- a/kubenix-modules/volumes.nix +++ b/kubenix-modules/volumes.nix @@ -18,7 +18,6 @@ pihole-data.storage = "750Mi"; pihole-dnsmasq.storage = "16Mi"; forgejo.storage = "20Gi"; - kitchenowl.storage = "100Mi"; syncthing.storage = "400Mi"; paperless-data.storage = "10Gi"; paperless-redisdata.storage = "20Mi"; @@ -45,6 +44,7 @@ nextcloud-db.storage = "400Mi"; hedgedoc-uploads.storage = "50Mi"; hedgedoc-db.storage = "100Mi"; + kitchenowl.storage = "100Mi"; }; nfsVolumes = {