From 2fbc15091288e8deddecaeb8c19411e7609c52e1 Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Sun, 14 Jul 2024 15:56:38 +0200 Subject: [PATCH] feat(nextcloud): Move to separate k8s namespace --- README.md | 1 + flake-parts/kubenix.nix | 2 + kubenix-modules/all.nix | 1 - kubenix-modules/base.nix | 1 + kubenix-modules/nextcloud.nix | 170 +++++++++++++++++----------------- kubenix-modules/volumes.nix | 4 +- 6 files changed, 90 insertions(+), 89 deletions(-) diff --git a/README.md b/README.md index c4a6222..1291374 100644 --- a/README.md +++ b/README.md @@ -58,6 +58,7 @@ Currently, the applications being deployed like this are: - `kms` - `atuin` - `blog` +- `nextcloud` ## Known bugs diff --git a/flake-parts/kubenix.nix b/flake-parts/kubenix.nix index b4caeed..2796651 100644 --- a/flake-parts/kubenix.nix +++ b/flake-parts/kubenix.nix @@ -76,4 +76,6 @@ "${self}/kubenix-modules/atuin.nix" "atuin" "atuin"; kubenix.blog = mkDeployScriptAndManifest "${self}/kubenix-modules/blog.nix" "blog" "static-websites"; + kubenix.nextcloud = mkDeployScriptAndManifest + "${self}/kubenix-modules/nextcloud.nix" "nextcloud" "nextcloud"; }) diff --git a/kubenix-modules/all.nix b/kubenix-modules/all.nix index 3dd9a49..c2e6deb 100644 --- a/kubenix-modules/all.nix +++ b/kubenix-modules/all.nix @@ -2,7 +2,6 @@ let applications = [ ./inbucket.nix ./syncthing.nix - ./nextcloud.nix ./pihole.nix ./hedgedoc.nix ./paperless.nix diff --git a/kubenix-modules/base.nix b/kubenix-modules/base.nix index c06e2b2..a351cee 100644 --- a/kubenix-modules/base.nix +++ b/kubenix-modules/base.nix @@ -66,6 +66,7 @@ radicale = { }; kms = { }; atuin = { }; + nextcloud = { }; }; nodes = diff --git a/kubenix-modules/nextcloud.nix b/kubenix-modules/nextcloud.nix index 13fbe2b..07fda6d 100644 --- a/kubenix-modules/nextcloud.nix +++ b/kubenix-modules/nextcloud.nix 
@@ -1,130 +1,116 @@ { kubernetes.resources = { - configMaps = { - nextcloud.data = { - POSTGRES_USER = "nextcloud"; - POSTGRES_DB = "nextcloud"; - POSTGRES_HOST = "lewis.dmz"; - }; - - nextcloud-db-env.data = { - POSTGRES_DB = "nextcloud"; - POSTGRES_USER = "nextcloud"; - POSTGRES_PASSWORD = "ref+sops://secrets/kubernetes.yaml#/nextcloud/databasePassword"; - PGDATA = "/pgdata/data"; - }; - }; - - secrets.nextcloud.stringData.databasePassword = "ref+sops://secrets/kubernetes.yaml#/nextcloud/databasePassword"; + secrets.database.stringData.databasePassword = "ref+sops://secrets/kubernetes.yaml#/nextcloud/databasePassword"; deployments = { - nextcloud = { - metadata.labels = { + server.spec = { + selector.matchLabels = { app = "nextcloud"; - component = "website"; + component = "server"; }; - spec = { - selector.matchLabels = { + strategy = { + type = "RollingUpdate"; + + rollingUpdate = { + maxSurge = 0; + maxUnavailable = 1; + }; + }; + + template = { + metadata.labels = { app = "nextcloud"; - component = "website"; + component = "server"; }; - strategy = { - type = "RollingUpdate"; + spec = { + volumes.data.persistentVolumeClaim.claimName = "data"; - rollingUpdate = { - maxSurge = 0; - maxUnavailable = 1; - }; - }; + containers.nextcloud = { + image = "nextcloud:28"; + ports.web.containerPort = 80; - template = { - metadata.labels = { - app = "nextcloud"; - component = "website"; - }; + env = { + POSTGRES_USER.value = "nextcloud"; + POSTGRES_DB.value = "nextcloud"; + POSTGRES_HOST.value = "lewis.dmz"; - spec = { - volumes.data.persistentVolumeClaim.claimName = "nextcloud"; - - containers.nextcloud = { - image = "nextcloud:28"; - envFrom = [{ configMapRef.name = "nextcloud"; }]; - ports.web.containerPort = 80; - - env.POSTGRES_PASSWORD.valueFrom.secretKeyRef = { - name = "nextcloud"; + POSTGRES_PASSWORD.valueFrom.secretKeyRef = { + name = "database"; key = "databasePassword"; }; - - volumeMounts = [{ - name = "data"; - mountPath = "/var/www/html"; - }]; }; - 
securityContext = { - fsGroup = 33; - fsGroupChangePolicy = "OnRootMismatch"; - }; - - affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution = [{ - weight = 1; - preference.matchExpressions = [{ - key = "storageType"; - operator = "In"; - values = [ "fast" ]; - }]; + volumeMounts = [{ + name = "data"; + mountPath = "/var/www/html"; }]; }; + + securityContext = { + fsGroup = 33; + fsGroupChangePolicy = "OnRootMismatch"; + }; + + affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution = [{ + weight = 1; + preference.matchExpressions = [{ + key = "storageType"; + operator = "In"; + values = [ "fast" ]; + }]; + }]; }; }; }; - nextcloud-db = { - metadata.labels = { + database.spec = { + selector.matchLabels = { app = "nextcloud"; component = "database"; }; - spec = { - selector.matchLabels = { + template = { + metadata.labels = { app = "nextcloud"; component = "database"; }; - template = { - metadata.labels = { - app = "nextcloud"; - component = "database"; - }; + spec = { + containers.postgres = { + image = "postgres:15"; + imagePullPolicy = "IfNotPresent"; + ports.postgres.containerPort = 5432; - spec = { - containers.postgres = { - image = "postgres:15"; - imagePullPolicy = "IfNotPresent"; - ports.postgres.containerPort = 5432; - envFrom = [{ configMapRef.name = "nextcloud-db-env"; }]; + env = { + POSTGRES_DB.value = "nextcloud"; + POSTGRES_USER.value = "nextcloud"; + PGDATA.value = "/pgdata/data"; - volumeMounts = [{ - name = "data"; - mountPath = "/pgdata"; - }]; + POSTGRES_PASSWORD.valueFrom.secretKeyRef = { + name = "database"; + key = "databasePassword"; + }; }; - volumes.data.persistentVolumeClaim.claimName = "nextcloud-db"; + volumeMounts = [{ + name = "database"; + mountPath = "/pgdata"; + }]; }; + + volumes.database.persistentVolumeClaim.claimName = "database"; }; }; }; }; services = { - nextcloud.spec = { + server.spec = { selector = { app = "nextcloud"; - component = "website"; + component = "server"; }; ports.web = { 
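Review bot: The `database` deployment in this hunk sets no update strategy, so it keeps the Deployment default (RollingUpdate with maxSurge 25%), and a rollout may try to start a second `postgres:15` pod against the same `database` PersistentVolumeClaim before the old one exits; the `server` deployment right above was given `maxSurge = 0` for this reason but the database was not. Add `strategy.type = "Recreate";` next to `selector.matchLabels` in `database.spec`, the usual setting for a single-writer database on a block volume. Separately, the server container still sets `POSTGRES_HOST.value = "lewis.dmz"` rather than the in-namespace `database` service; if the in-cluster Postgres is what it should use, that service is now reachable as `database` (or `database.nextcloud.svc`), and if `lewis.dmz` is an external host then the `database` deployment looks unused, so a one-line comment stating which is intended would help the next reader. Image references remain tag-only (`nextcloud:28`, `postgres:15`, the latter with `imagePullPolicy = "IfNotPresent"`), so what actually runs depends on node cache state; pinning by digest would make the manifest reproducible. The `services` set that closes this hunk continues past it.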
@@ -133,7 +119,7 @@ }; }; - nextcloud-db.spec = { + database.spec = { selector = { app = "nextcloud"; component = "database"; @@ -148,13 +134,25 @@ }; lab = { - ingresses.nextcloud = { + ingresses.web = { host = "cloud.kun.is"; service = { - name = "nextcloud"; + name = "server"; portName = "web"; }; }; + + longhorn.persistentVolumeClaim = { + data = { + volumeName = "nextcloud"; + storage = "50Gi"; + }; + + database = { + volumeName = "nextcloud-db"; + storage = "400Mi"; + }; + }; }; } diff --git a/kubenix-modules/volumes.nix b/kubenix-modules/volumes.nix index cae1e1a..90097d0 100644 --- a/kubenix-modules/volumes.nix +++ b/kubenix-modules/volumes.nix @@ -17,8 +17,6 @@ hedgedoc-uploads.storage = "50Mi"; hedgedoc-db.storage = "100Mi"; minecraft.storage = "1Gi"; - nextcloud.storage = "50Gi"; - nextcloud-db.storage = "400Mi"; pihole-data.storage = "750Mi"; pihole-dnsmasq.storage = "16Mi"; forgejo.storage = "20Gi"; @@ -45,6 +43,8 @@ radicale.storage = "200Mi"; atuin.storage = "300Mi"; atuin-db.storage = "300Mi"; + nextcloud.storage = "50Gi"; + nextcloud-db.storage = "400Mi"; }; nfsVolumes = {
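Review bot: The new `lab.longhorn.persistentVolumeClaim` entries `data` and `database` bind by `volumeName` to the existing Longhorn volumes `nextcloud` and `nextcloud-db`, which the removed `volumes.nix` lines previously exposed as cluster-wide claims; presumably those PersistentVolumes still carry a `claimRef` to the old claim objects, in which case the new claims in the `nextcloud` namespace would sit Pending until that reference is cleared or the old PVCs are deleted (the `longhorn` option's implementation is not in this diff, so this is an inference). A short comment above `longhorn.persistentVolumeClaim`, e.g. `# Reuses the pre-existing Longhorn volumes; release the old cluster-scoped claims before deploying`, would document the migration step for whoever applies this. The enclosing `lab` attribute set starts before this hunk.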