diff --git a/kubenix-modules/nextcloud.nix b/kubenix-modules/nextcloud.nix index afe4bcf..5ebc81d 100644 --- a/kubenix-modules/nextcloud.nix +++ b/kubenix-modules/nextcloud.nix @@ -1,73 +1,148 @@ { kubernetes.resources = { - configMaps.nextcloud.data = { - POSTGRES_USER = "nextcloud"; - POSTGRES_DB = "nextcloud"; - POSTGRES_HOST = "lewis.dmz"; + configMaps = { + nextcloud.data = { + POSTGRES_USER = "nextcloud"; + POSTGRES_DB = "nextcloud"; + POSTGRES_HOST = "lewis.dmz"; + }; + + nextcloud-db-env.data = { + POSTGRES_DB = "nextcloud"; + POSTGRES_USER = "nextcloud"; + POSTGRES_PASSWORD = "ref+sops://secrets/sops.yaml#/nextcloud/databasePassword"; + PGDATA = "/pgdata/data"; + }; }; secrets.nextcloud.stringData.databasePassword = "ref+sops://secrets/sops.yaml#/nextcloud/databasePassword"; - deployments.nextcloud = { - metadata.labels.app = "nextcloud"; - - spec = { - selector.matchLabels.app = "nextcloud"; - strategy = { - type = "RollingUpdate"; - - rollingUpdate = { - maxSurge = 0; - maxUnavailable = 1; - }; + deployments = { + nextcloud = { + metadata.labels = { + app = "nextcloud"; + component = "website"; }; - template = { - metadata.labels.app = "nextcloud"; + spec = { + selector.matchLabels = { + app = "nextcloud"; + component = "website"; + }; - spec = { - volumes.data.persistentVolumeClaim.claimName = "nextcloud"; + strategy = { + type = "RollingUpdate"; - containers.nextcloud = { - image = "nextcloud:28"; - envFrom = [{ configMapRef.name = "nextcloud"; }]; - ports.web.containerPort = 80; + rollingUpdate = { + maxSurge = 0; + maxUnavailable = 1; + }; + }; - env.POSTGRES_PASSWORD.valueFrom.secretKeyRef = { - name = "nextcloud"; - key = "databasePassword"; + template = { + metadata.labels = { + app = "nextcloud"; + component = "website"; + }; + + spec = { + volumes.data.persistentVolumeClaim.claimName = "nextcloud"; + + containers.nextcloud = { + image = "nextcloud:28"; + envFrom = [{ configMapRef.name = "nextcloud"; }]; + ports.web.containerPort = 80; + + env.POSTGRES_PASSWORD.valueFrom.secretKeyRef = { + name = "nextcloud"; + key = "databasePassword"; + }; + + volumeMounts = [{ + name = "data"; + mountPath = "/var/www/html"; + }]; }; - volumeMounts = [{ - name = "data"; - mountPath = "/var/www/html"; + securityContext = { + fsGroup = 33; + fsGroupChangePolicy = "OnRootMismatch"; + }; + + affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution = [{ + weight = 1; + preference.matchExpressions = [{ + key = "storageType"; + operator = "In"; + values = [ "fast" ]; + }]; }]; }; + }; + }; + }; - securityContext = { - fsGroup = 33; - fsGroupChangePolicy = "OnRootMismatch"; + nextcloud-db = { + metadata.labels = { + app = "nextcloud"; + component = "database"; + }; + + spec = { + selector.matchLabels = { + app = "nextcloud"; + component = "database"; + }; + + template = { + metadata.labels = { + app = "nextcloud"; + component = "database"; }; - affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution = [{ - weight = 1; - preference.matchExpressions = [{ - key = "storageType"; - operator = "In"; - values = [ "fast" ]; - }]; - }]; + spec = { + containers.postgres = { + image = "postgres:15"; + imagePullPolicy = "IfNotPresent"; + ports.postgres.containerPort = 5432; + envFrom = [{ configMapRef.name = "nextcloud-db-env"; }]; + + volumeMounts = [{ + name = "data"; + mountPath = "/pgdata"; + }]; + }; + + volumes.data.persistentVolumeClaim.claimName = "nextcloud-db"; + }; }; }; }; }; - services.nextcloud.spec = { - selector.app = "nextcloud"; + services = { + nextcloud.spec = { + selector = { + app = "nextcloud"; + component = "website"; + }; - ports.web = { - port = 80; - targetPort = "web"; + ports.web = { + port = 80; + targetPort = "web"; + }; + }; + + nextcloud-db.spec = { + selector = { + app = "nextcloud"; + component = "database"; + }; + + ports.postgres = { + port = 5432; + targetPort = "postgres"; + }; }; }; }; diff --git a/kubenix-modules/volumes.nix b/kubenix-modules/volumes.nix index 9ef9fca..903d683 100644 --- a/kubenix-modules/volumes.nix +++ b/kubenix-modules/volumes.nix @@ -1,16 +1,4 @@ { - # kubernetes.resources.pods.testje.spec = { - # containers.testje = { - # image = "nginx"; - # volumeMounts = [{ - # name = "stuff"; - # mountPath = "/stuff"; - # }]; - # }; - - # volumes.stuff.persistentVolumeClaim.claimName = "paperless-db"; - # }; - lab = { longhornVolumes = { hedgedoc-uploads.storage = "50Mi"; @@ -19,6 +7,7 @@ radicale.storage = "200Mi"; minecraft.storage = "1Gi"; nextcloud.storage = "50Gi"; + nextcloud-db.storage = "400Mi"; pihole-data.storage = "750Mi"; pihole-dnsmasq.storage = "16Mi"; forgejo.storage = "20Gi"; diff --git a/nixos-modules/backups.nix b/nixos-modules/backups.nix index 761ab2d..1b9a1f6 100644 --- a/nixos-modules/backups.nix +++ b/nixos-modules/backups.nix @@ -35,15 +35,7 @@ let encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets."borg_passphrase".path}"; before_everything = [ "${beforeEverything}/bin/beforeEverything" ]; - postgresql_databases = [ - { - name = "nextcloud"; - hostname = "lewis.dmz"; - username = "nextcloud"; - password = "\${NEXTCLOUD_DATABASE_PASSWORD}"; - format = "tar"; - } - ]; + postgresql_databases = [ ]; }; }; in diff --git a/nixos-modules/data-sharing.nix b/nixos-modules/data-sharing.nix index fac93d4..0aadc04 100644 --- a/nixos-modules/data-sharing.nix +++ b/nixos-modules/data-sharing.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, config, ... }: +{ lib, config, ... }: let cfg = config.lab.data-sharing; @@ -36,14 +36,6 @@ in Root directory of NFS data. ''; }; - - postgresDir = lib.mkOption { - default = "/mnt/data/postgresql/${config.services.postgresql.package.psqlSchema}"; - type = lib.types.str; - description = '' - Postgresql data directory. - ''; - }; }; config = lib.mkIf cfg.enable { @@ -54,23 +46,9 @@ in 20048 # NFS ]; - services = { - nfs.server = { - enable = true; - exports = nfsExports; - }; - - postgresql = { - enable = true; - package = pkgs.postgresql_15; - enableTCPIP = true; - - dataDir = cfg.postgresDir; - - authentication = '' - host nextcloud nextcloud all md5 - ''; - }; + services.nfs.server = { + enable = true; + exports = nfsExports; }; }; }