Migrate nextcloud database to kubernetes

Disable postgresql database on lewis
2024-05-25 18:05:44 +02:00 · 2024-05-25 18:05:44 +02:00 · 266d7d905c
commit 266d7d905c
parent c56a17fc4f
4 changed files with 127 additions and 93 deletions
--- a/kubenix-modules/nextcloud.nix
+++ b/kubenix-modules/nextcloud.nix
@ -1,73 +1,148 @@
 {
  kubernetes.resources = {
-    configMaps.nextcloud.data = {
-      POSTGRES_USER = "nextcloud";
-      POSTGRES_DB = "nextcloud";
-      POSTGRES_HOST = "lewis.dmz";
+    configMaps = {
+      nextcloud.data = {
+        POSTGRES_USER = "nextcloud";
+        POSTGRES_DB = "nextcloud";
+        POSTGRES_HOST = "lewis.dmz";
+      };
+
+      nextcloud-db-env.data = {
+        POSTGRES_DB = "nextcloud";
+        POSTGRES_USER = "nextcloud";
+        POSTGRES_PASSWORD = "ref+sops://secrets/sops.yaml#/nextcloud/databasePassword";
+        PGDATA = "/pgdata/data";
+      };
    };

    secrets.nextcloud.stringData.databasePassword = "ref+sops://secrets/sops.yaml#/nextcloud/databasePassword";

-    deployments.nextcloud = {
-      metadata.labels.app = "nextcloud";
-
-      spec = {
-        selector.matchLabels.app = "nextcloud";
-        strategy = {
-          type = "RollingUpdate";
-
-          rollingUpdate = {
-            maxSurge = 0;
-            maxUnavailable = 1;
-          };
+    deployments = {
+      nextcloud = {
+        metadata.labels = {
+          app = "nextcloud";
+          component = "website";
        };

-        template = {
-          metadata.labels.app = "nextcloud";
+        spec = {
+          selector.matchLabels = {
+            app = "nextcloud";
+            component = "website";
+          };

-          spec = {
-            volumes.data.persistentVolumeClaim.claimName = "nextcloud";
+          strategy = {
+            type = "RollingUpdate";

-            containers.nextcloud = {
-              image = "nextcloud:28";
-              envFrom = [{ configMapRef.name = "nextcloud"; }];
-              ports.web.containerPort = 80;
+            rollingUpdate = {
+              maxSurge = 0;
+              maxUnavailable = 1;
+            };
+          };

-              env.POSTGRES_PASSWORD.valueFrom.secretKeyRef = {
-                name = "nextcloud";
-                key = "databasePassword";
+          template = {
+            metadata.labels = {
+              app = "nextcloud";
+              component = "website";
+            };
+
+            spec = {
+              volumes.data.persistentVolumeClaim.claimName = "nextcloud";
+
+              containers.nextcloud = {
+                image = "nextcloud:28";
+                envFrom = [{ configMapRef.name = "nextcloud"; }];
+                ports.web.containerPort = 80;
+
+                env.POSTGRES_PASSWORD.valueFrom.secretKeyRef = {
+                  name = "nextcloud";
+                  key = "databasePassword";
+                };
+
+                volumeMounts = [{
+                  name = "data";
+                  mountPath = "/var/www/html";
+                }];
              };

-              volumeMounts = [{
-                name = "data";
-                mountPath = "/var/www/html";
+              securityContext = {
+                fsGroup = 33;
+                fsGroupChangePolicy = "OnRootMismatch";
+              };
+
+              affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution = [{
+                weight = 1;
+                preference.matchExpressions = [{
+                  key = "storageType";
+                  operator = "In";
+                  values = [ "fast" ];
+                }];
              }];
            };
+          };
+        };
+      };

-            securityContext = {
-              fsGroup = 33;
-              fsGroupChangePolicy = "OnRootMismatch";
+      nextcloud-db = {
+        metadata.labels = {
+          app = "nextcloud";
+          component = "database";
+        };
+
+        spec = {
+          selector.matchLabels = {
+            app = "nextcloud";
+            component = "database";
+          };
+
+          template = {
+            metadata.labels = {
+              app = "nextcloud";
+              component = "database";
            };

-            affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution = [{
-              weight = 1;
-              preference.matchExpressions = [{
-                key = "storageType";
-                operator = "In";
-                values = [ "fast" ];
-              }];
-            }];
+            spec = {
+              containers.postgres = {
+                image = "postgres:15";
+                imagePullPolicy = "IfNotPresent";
+                ports.postgres.containerPort = 5432;
+                envFrom = [{ configMapRef.name = "nextcloud-db-env"; }];
+
+                volumeMounts = [{
+                  name = "data";
+                  mountPath = "/pgdata";
+                }];
+              };
+
+              volumes.data.persistentVolumeClaim.claimName = "nextcloud-db";
+            };
          };
        };
      };
    };

-    services.nextcloud.spec = {
-      selector.app = "nextcloud";
+    services = {
+      nextcloud.spec = {
+        selector = {
+          app = "nextcloud";
+          component = "website";
+        };

-      ports.web = {
-        port = 80;
-        targetPort = "web";
+        ports.web = {
+          port = 80;
+          targetPort = "web";
+        };
+      };
+
+      nextcloud-db.spec = {
+        selector = {
+          app = "nextcloud";
+          component = "database";
+        };
+
+        ports.postgres = {
+          port = 5432;
+          targetPort = "postgres";
+        };
      };
    };
  };
--- a/kubenix-modules/volumes.nix
+++ b/kubenix-modules/volumes.nix
@ -1,16 +1,4 @@
 {
-  # kubernetes.resources.pods.testje.spec = {
-  #   containers.testje = {
-  #     image = "nginx";
-  #     volumeMounts = [{
-  #       name = "stuff";
-  #       mountPath = "/stuff";
-  #     }];
-  #   };
-
-  #   volumes.stuff.persistentVolumeClaim.claimName = "paperless-db";
-  # };
-
  lab = {
    longhornVolumes = {
      hedgedoc-uploads.storage = "50Mi";
@ -19,6 +7,7 @@
      radicale.storage = "200Mi";
      minecraft.storage = "1Gi";
      nextcloud.storage = "50Gi";
+      nextcloud-db.storage = "400Mi";
      pihole-data.storage = "750Mi";
      pihole-dnsmasq.storage = "16Mi";
      forgejo.storage = "20Gi";
--- a/nixos-modules/backups.nix
+++ b/nixos-modules/backups.nix
@ -35,15 +35,7 @@ let
      encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets."borg_passphrase".path}";
      before_everything = [ "${beforeEverything}/bin/beforeEverything" ];

-      postgresql_databases = [
-        {
-          name = "nextcloud";
-          hostname = "lewis.dmz";
-          username = "nextcloud";
-          password = "\${NEXTCLOUD_DATABASE_PASSWORD}";
-          format = "tar";
-        }
-      ];
+      postgresql_databases = [ ];
    };
  };
 in
--- a/nixos-modules/data-sharing.nix
+++ b/nixos-modules/data-sharing.nix
@ -1,4 +1,4 @@
-{ pkgs, lib, config, ... }:
+{ lib, config, ... }:
 let
  cfg = config.lab.data-sharing;

@ -36,14 +36,6 @@ in
        Root directory of NFS data.
      '';
    };
-
-    postgresDir = lib.mkOption {
-      default = "/mnt/data/postgresql/${config.services.postgresql.package.psqlSchema}";
-      type = lib.types.str;
-      description = ''
-        Postgresql data directory.
-      '';
-    };
  };

  config = lib.mkIf cfg.enable {
@ -54,23 +46,9 @@ in
      20048 # NFS
    ];

-    services = {
-      nfs.server = {
-        enable = true;
-        exports = nfsExports;
-      };
-
-      postgresql = {
-        enable = true;
-        package = pkgs.postgresql_15;
-        enableTCPIP = true;
-
-        dataDir = cfg.postgresDir;
-
-        authentication = ''
-          host	nextcloud	nextcloud	all	      md5
-        '';
-      };
+    services.nfs.server = {
+      enable = true;
+      exports = nfsExports;
    };
  };
 }