Migrate nextcloud database to kubernetes

Disable postgresql database on lewis
2024-05-25 18:05:44 +02:00 · 2024-05-25 18:05:44 +02:00 · 266d7d905c
commit 266d7d905c
parent c56a17fc4f
4 changed files with 127 additions and 93 deletions
--- a/kubenix-modules/nextcloud.nix
+++ b/kubenix-modules/nextcloud.nix
@ -1,73 +1,148 @@
 {
  kubernetes.resources = {
-    configMaps.nextcloud.data = {
+    configMaps = {
-      POSTGRES_USER = "nextcloud";
+      nextcloud.data = {
-      POSTGRES_DB = "nextcloud";
+        POSTGRES_USER = "nextcloud";
-      POSTGRES_HOST = "lewis.dmz";
+        POSTGRES_DB = "nextcloud";
        POSTGRES_HOST = "lewis.dmz";
      };
      nextcloud-db-env.data = {
        POSTGRES_DB = "nextcloud";
        POSTGRES_USER = "nextcloud";
        POSTGRES_PASSWORD = "ref+sops://secrets/sops.yaml#/nextcloud/databasePassword";
        PGDATA = "/pgdata/data";
      };
    };
    secrets.nextcloud.stringData.databasePassword = "ref+sops://secrets/sops.yaml#/nextcloud/databasePassword";
-    deployments.nextcloud = {
+    deployments = {
-      metadata.labels.app = "nextcloud";
+      nextcloud = {
-
+        metadata.labels = {
-      spec = {
+          app = "nextcloud";
-        selector.matchLabels.app = "nextcloud";
+          component = "website";
        strategy = {
          type = "RollingUpdate";
          rollingUpdate = {
            maxSurge = 0;
            maxUnavailable = 1;
          };
        };
-        template = {
+        spec = {
-          metadata.labels.app = "nextcloud";
+          selector.matchLabels = {
            app = "nextcloud";
            component = "website";
          };
-          spec = {
+          strategy = {
-            volumes.data.persistentVolumeClaim.claimName = "nextcloud";
+            type = "RollingUpdate";
-            containers.nextcloud = {
+            rollingUpdate = {
-              image = "nextcloud:28";
+              maxSurge = 0;
-              envFrom = [{ configMapRef.name = "nextcloud"; }];
+              maxUnavailable = 1;
-              ports.web.containerPort = 80;
+            };
          };
-              env.POSTGRES_PASSWORD.valueFrom.secretKeyRef = {
+          template = {
-                name = "nextcloud";
+            metadata.labels = {
-                key = "databasePassword";
+              app = "nextcloud";
              component = "website";
            };
            spec = {
              volumes.data.persistentVolumeClaim.claimName = "nextcloud";
              containers.nextcloud = {
                image = "nextcloud:28";
                envFrom = [{ configMapRef.name = "nextcloud"; }];
                ports.web.containerPort = 80;
                env.POSTGRES_PASSWORD.valueFrom.secretKeyRef = {
                  name = "nextcloud";
                  key = "databasePassword";
                };
                volumeMounts = [{
                  name = "data";
                  mountPath = "/var/www/html";
                }];
              };
-              volumeMounts = [{
+              securityContext = {
-                name = "data";
+                fsGroup = 33;
-                mountPath = "/var/www/html";
+                fsGroupChangePolicy = "OnRootMismatch";
              };
              affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution = [{
                weight = 1;
                preference.matchExpressions = [{
                  key = "storageType";
                  operator = "In";
                  values = [ "fast" ];
                }];
              }];
            };
          };
        };
      };
-            securityContext = {
+      nextcloud-db = {
-              fsGroup = 33;
+        metadata.labels = {
-              fsGroupChangePolicy = "OnRootMismatch";
+          app = "nextcloud";
          component = "database";
        };
        spec = {
          selector.matchLabels = {
            app = "nextcloud";
            component = "database";
          };
          template = {
            metadata.labels = {
              app = "nextcloud";
              component = "database";
            };
-            affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution = [{
+            spec = {
-              weight = 1;
+              containers.postgres = {
-              preference.matchExpressions = [{
+                image = "postgres:15";
-                key = "storageType";
+                imagePullPolicy = "IfNotPresent";
-                operator = "In";
+                ports.postgres.containerPort = 5432;
-                values = [ "fast" ];
+                envFrom = [{ configMapRef.name = "nextcloud-db-env"; }];
-              }];
+
-            }];
+                volumeMounts = [{
                  name = "data";
                  mountPath = "/pgdata";
                }];
              };
              volumes.data.persistentVolumeClaim.claimName = "nextcloud-db";
            };
          };
        };
      };
    };
-    services.nextcloud.spec = {
+    services = {
-      selector.app = "nextcloud";
+      nextcloud.spec = {
        selector = {
          app = "nextcloud";
          component = "website";
        };
-      ports.web = {
+        ports.web = {
-        port = 80;
+          port = 80;
-        targetPort = "web";
+          targetPort = "web";
        };
      };
      nextcloud-db.spec = {
        selector = {
          app = "nextcloud";
          component = "database";
        };
        ports.postgres = {
          port = 5432;
          targetPort = "postgres";
        };
      };
    };
  };
--- a/kubenix-modules/volumes.nix
+++ b/kubenix-modules/volumes.nix
@ -1,16 +1,4 @@
 {
  # kubernetes.resources.pods.testje.spec = {
  #   containers.testje = {
  #     image = "nginx";
  #     volumeMounts = [{
  #       name = "stuff";
  #       mountPath = "/stuff";
  #     }];
  #   };
  #   volumes.stuff.persistentVolumeClaim.claimName = "paperless-db";
  # };
  lab = {
    longhornVolumes = {
      hedgedoc-uploads.storage = "50Mi";
@ -19,6 +7,7 @@
      radicale.storage = "200Mi";
      minecraft.storage = "1Gi";
      nextcloud.storage = "50Gi";
      nextcloud-db.storage = "400Mi";
      pihole-data.storage = "750Mi";
      pihole-dnsmasq.storage = "16Mi";
      forgejo.storage = "20Gi";
--- a/nixos-modules/backups.nix
+++ b/nixos-modules/backups.nix
@ -35,15 +35,7 @@ let
      encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets."borg_passphrase".path}";
      before_everything = [ "${beforeEverything}/bin/beforeEverything" ];
-      postgresql_databases = [
+      postgresql_databases = [ ];
        {
          name = "nextcloud";
          hostname = "lewis.dmz";
          username = "nextcloud";
          password = "\${NEXTCLOUD_DATABASE_PASSWORD}";
          format = "tar";
        }
      ];
    };
  };
 in
--- a/nixos-modules/data-sharing.nix
+++ b/nixos-modules/data-sharing.nix
@ -1,4 +1,4 @@
-{ pkgs, lib, config, ... }:
+{ lib, config, ... }:
 let
  cfg = config.lab.data-sharing;
@ -36,14 +36,6 @@ in
        Root directory of NFS data.
      '';
    };
    postgresDir = lib.mkOption {
      default = "/mnt/data/postgresql/${config.services.postgresql.package.psqlSchema}";
      type = lib.types.str;
      description = ''
        Postgresql data directory.
      '';
    };
  };
  config = lib.mkIf cfg.enable {
@ -54,23 +46,9 @@ in
      20048 # NFS
    ];
-    services = {
+    services.nfs.server = {
-      nfs.server = {
+      enable = true;
-        enable = true;
+      exports = nfsExports;
        exports = nfsExports;
      };
      postgresql = {
        enable = true;
        package = pkgs.postgresql_15;
        enableTCPIP = true;
        dataDir = cfg.postgresDir;
        authentication = ''
          host	nextcloud	nextcloud	all	      md5
        '';
      };
    };
  };
 }