feat(nextcloud): Move to separate k8s namespace

Pim Kunis 2024-07-14 15:56:38 +02:00
parent 0d2b2b90f7
commit 2fbc150912
6 changed files with 90 additions and 89 deletions


@ -58,6 +58,7 @@ Currently, the applications being deployed like this are:
- `kms` - `kms`
- `atuin` - `atuin`
- `blog` - `blog`
- `nextcloud`
## Known bugs ## Known bugs


@ -76,4 +76,6 @@
"${self}/kubenix-modules/atuin.nix" "atuin" "atuin"; "${self}/kubenix-modules/atuin.nix" "atuin" "atuin";
kubenix.blog = mkDeployScriptAndManifest kubenix.blog = mkDeployScriptAndManifest
"${self}/kubenix-modules/blog.nix" "blog" "static-websites"; "${self}/kubenix-modules/blog.nix" "blog" "static-websites";
kubenix.nextcloud = mkDeployScriptAndManifest
"${self}/kubenix-modules/nextcloud.nix" "nextcloud" "nextcloud";
}) })


@ -2,7 +2,6 @@ let
applications = [ applications = [
./inbucket.nix ./inbucket.nix
./syncthing.nix ./syncthing.nix
./nextcloud.nix
./pihole.nix ./pihole.nix
./hedgedoc.nix ./hedgedoc.nix
./paperless.nix ./paperless.nix


@ -66,6 +66,7 @@
radicale = { }; radicale = { };
kms = { }; kms = { };
atuin = { }; atuin = { };
nextcloud = { };
}; };
nodes = nodes =


@ -1,33 +1,12 @@
{ {
kubernetes.resources = { kubernetes.resources = {
configMaps = { secrets.database.stringData.databasePassword = "ref+sops://secrets/kubernetes.yaml#/nextcloud/databasePassword";
nextcloud.data = {
POSTGRES_USER = "nextcloud";
POSTGRES_DB = "nextcloud";
POSTGRES_HOST = "lewis.dmz";
};
nextcloud-db-env.data = {
POSTGRES_DB = "nextcloud";
POSTGRES_USER = "nextcloud";
POSTGRES_PASSWORD = "ref+sops://secrets/kubernetes.yaml#/nextcloud/databasePassword";
PGDATA = "/pgdata/data";
};
};
secrets.nextcloud.stringData.databasePassword = "ref+sops://secrets/kubernetes.yaml#/nextcloud/databasePassword";
deployments = { deployments = {
nextcloud = { server.spec = {
metadata.labels = {
app = "nextcloud";
component = "website";
};
spec = {
selector.matchLabels = { selector.matchLabels = {
app = "nextcloud"; app = "nextcloud";
component = "website"; component = "server";
}; };
strategy = { strategy = {
@ -42,21 +21,26 @@
template = { template = {
metadata.labels = { metadata.labels = {
app = "nextcloud"; app = "nextcloud";
component = "website"; component = "server";
}; };
spec = { spec = {
volumes.data.persistentVolumeClaim.claimName = "nextcloud"; volumes.data.persistentVolumeClaim.claimName = "data";
containers.nextcloud = { containers.nextcloud = {
image = "nextcloud:28"; image = "nextcloud:28";
envFrom = [{ configMapRef.name = "nextcloud"; }];
ports.web.containerPort = 80; ports.web.containerPort = 80;
env.POSTGRES_PASSWORD.valueFrom.secretKeyRef = { env = {
name = "nextcloud"; POSTGRES_USER.value = "nextcloud";
POSTGRES_DB.value = "nextcloud";
POSTGRES_HOST.value = "lewis.dmz";
POSTGRES_PASSWORD.valueFrom.secretKeyRef = {
name = "database";
key = "databasePassword"; key = "databasePassword";
}; };
};
volumeMounts = [{ volumeMounts = [{
name = "data"; name = "data";
@ -80,15 +64,8 @@
}; };
}; };
}; };
};
nextcloud-db = { database.spec = {
metadata.labels = {
app = "nextcloud";
component = "database";
};
spec = {
selector.matchLabels = { selector.matchLabels = {
app = "nextcloud"; app = "nextcloud";
component = "database"; component = "database";
@ -105,26 +82,35 @@
image = "postgres:15"; image = "postgres:15";
imagePullPolicy = "IfNotPresent"; imagePullPolicy = "IfNotPresent";
ports.postgres.containerPort = 5432; ports.postgres.containerPort = 5432;
envFrom = [{ configMapRef.name = "nextcloud-db-env"; }];
env = {
POSTGRES_DB.value = "nextcloud";
POSTGRES_USER.value = "nextcloud";
PGDATA.value = "/pgdata/data";
POSTGRES_PASSWORD.valueFrom.secretKeyRef = {
name = "database";
key = "databasePassword";
};
};
volumeMounts = [{ volumeMounts = [{
name = "data"; name = "database";
mountPath = "/pgdata"; mountPath = "/pgdata";
}]; }];
}; };
volumes.data.persistentVolumeClaim.claimName = "nextcloud-db"; volumes.database.persistentVolumeClaim.claimName = "database";
};
}; };
}; };
}; };
}; };
services = { services = {
nextcloud.spec = { server.spec = {
selector = { selector = {
app = "nextcloud"; app = "nextcloud";
component = "website"; component = "server";
}; };
ports.web = { ports.web = {
@ -133,7 +119,7 @@
}; };
}; };
nextcloud-db.spec = { database.spec = {
selector = { selector = {
app = "nextcloud"; app = "nextcloud";
component = "database"; component = "database";
@ -148,13 +134,25 @@
}; };
lab = { lab = {
ingresses.nextcloud = { ingresses.web = {
host = "cloud.kun.is"; host = "cloud.kun.is";
service = { service = {
name = "nextcloud"; name = "server";
portName = "web"; portName = "web";
}; };
}; };
longhorn.persistentVolumeClaim = {
data = {
volumeName = "nextcloud";
storage = "50Gi";
};
database = {
volumeName = "nextcloud-db";
storage = "400Mi";
};
};
}; };
} }
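Review bot: The `server` container's new `env` block keeps `POSTGRES_HOST.value = "lewis.dmz";` from the removed ConfigMap, although this file also defines a `database` Service in the same namespace, and nothing explains why the server reaches Postgres through a DMZ hostname. If `lewis.dmz` is the externally exposed address of that same database (presumably, but not shown here), the connection leaves the namespace boundary this commit introduces, and port 5432 must stay reachable from the DMZ. Consider `POSTGRES_HOST.value = "database";` if nothing outside the cluster needs the database, or otherwise add a comment such as `# TODO: document why the server uses the DMZ address instead of the in-namespace database Service`. The `database` Service's type and ports fall outside the visible hunks, so confirm this against the full file.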


@ -17,8 +17,6 @@
hedgedoc-uploads.storage = "50Mi"; hedgedoc-uploads.storage = "50Mi";
hedgedoc-db.storage = "100Mi"; hedgedoc-db.storage = "100Mi";
minecraft.storage = "1Gi"; minecraft.storage = "1Gi";
nextcloud.storage = "50Gi";
nextcloud-db.storage = "400Mi";
pihole-data.storage = "750Mi"; pihole-data.storage = "750Mi";
pihole-dnsmasq.storage = "16Mi"; pihole-dnsmasq.storage = "16Mi";
forgejo.storage = "20Gi"; forgejo.storage = "20Gi";
@ -45,6 +43,8 @@
radicale.storage = "200Mi"; radicale.storage = "200Mi";
atuin.storage = "300Mi"; atuin.storage = "300Mi";
atuin-db.storage = "300Mi"; atuin-db.storage = "300Mi";
nextcloud.storage = "50Gi";
nextcloud-db.storage = "400Mi";
}; };
nfsVolumes = { nfsVolumes = {