feat(nextcloud): Move to separate k8s namespace

README.md

@@ -58,6 +58,7 @@ Currently, the applications being deployed like this are:
 - `kms`
 - `atuin`
 - `blog`
+- `nextcloud`
 
 ## Known bugs
 

flake-parts/kubenix.nix

@@ -76,4 +76,6 @@
       "${self}/kubenix-modules/atuin.nix" "atuin" "atuin";
     kubenix.blog = mkDeployScriptAndManifest
       "${self}/kubenix-modules/blog.nix" "blog" "static-websites";
+    kubenix.nextcloud = mkDeployScriptAndManifest
+      "${self}/kubenix-modules/nextcloud.nix" "nextcloud" "nextcloud";
   })

kubenix-modules/all.nix

@@ -2,7 +2,6 @@ let
   applications = [
     ./inbucket.nix
     ./syncthing.nix
-    ./nextcloud.nix
     ./pihole.nix
     ./hedgedoc.nix
     ./paperless.nix

kubenix-modules/base.nix

@@ -66,6 +66,7 @@
           radicale = { };
           kms = { };
           atuin = { };
+          nextcloud = { };
         };
 
         nodes =

kubenix-modules/nextcloud.nix

@@ -1,130 +1,116 @@
 {
   kubernetes.resources = {
-    configMaps = {
+    secrets.database.stringData.databasePassword = "ref+sops://secrets/kubernetes.yaml#/nextcloud/databasePassword";
-      nextcloud.data = {
-        POSTGRES_USER = "nextcloud";
-        POSTGRES_DB = "nextcloud";
-        POSTGRES_HOST = "lewis.dmz";
-      };
-
-      nextcloud-db-env.data = {
-        POSTGRES_DB = "nextcloud";
-        POSTGRES_USER = "nextcloud";
-        POSTGRES_PASSWORD = "ref+sops://secrets/kubernetes.yaml#/nextcloud/databasePassword";
-        PGDATA = "/pgdata/data";
-      };
-    };
-
-    secrets.nextcloud.stringData.databasePassword = "ref+sops://secrets/kubernetes.yaml#/nextcloud/databasePassword";
 
     deployments = {
-      nextcloud = {
+      server.spec = {
-        metadata.labels = {
+        selector.matchLabels = {
           app = "nextcloud";
-          component = "website";
+          component = "server";
         };
 
-        spec = {
+        strategy = {
-          selector.matchLabels = {
+          type = "RollingUpdate";
+
+          rollingUpdate = {
+            maxSurge = 0;
+            maxUnavailable = 1;
+          };
+        };
+
+        template = {
+          metadata.labels = {
             app = "nextcloud";
-            component = "website";
+            component = "server";
           };
 
-          strategy = {
+          spec = {
-            type = "RollingUpdate";
+            volumes.data.persistentVolumeClaim.claimName = "data";
 
-            rollingUpdate = {
+            containers.nextcloud = {
-              maxSurge = 0;
+              image = "nextcloud:28";
-              maxUnavailable = 1;
+              ports.web.containerPort = 80;
-            };
-          };
 
-          template = {
+              env = {
-            metadata.labels = {
+                POSTGRES_USER.value = "nextcloud";
-              app = "nextcloud";
+                POSTGRES_DB.value = "nextcloud";
-              component = "website";
+                POSTGRES_HOST.value = "lewis.dmz";
-            };
 
-            spec = {
+                POSTGRES_PASSWORD.valueFrom.secretKeyRef = {
-              volumes.data.persistentVolumeClaim.claimName = "nextcloud";
+                  name = "database";
-
-              containers.nextcloud = {
-                image = "nextcloud:28";
-                envFrom = [{ configMapRef.name = "nextcloud"; }];
-                ports.web.containerPort = 80;
-
-                env.POSTGRES_PASSWORD.valueFrom.secretKeyRef = {
-                  name = "nextcloud";
                   key = "databasePassword";
                 };
-
-                volumeMounts = [{
-                  name = "data";
-                  mountPath = "/var/www/html";
-                }];
               };
 
-              securityContext = {
+              volumeMounts = [{
-                fsGroup = 33;
+                name = "data";
-                fsGroupChangePolicy = "OnRootMismatch";
+                mountPath = "/var/www/html";
-              };
-
-              affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution = [{
-                weight = 1;
-                preference.matchExpressions = [{
-                  key = "storageType";
-                  operator = "In";
-                  values = [ "fast" ];
-                }];
               }];
             };
+
+            securityContext = {
+              fsGroup = 33;
+              fsGroupChangePolicy = "OnRootMismatch";
+            };
+
+            affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution = [{
+              weight = 1;
+              preference.matchExpressions = [{
+                key = "storageType";
+                operator = "In";
+                values = [ "fast" ];
+              }];
+            }];
           };
         };
       };
 
-      nextcloud-db = {
+      database.spec = {
-        metadata.labels = {
+        selector.matchLabels = {
           app = "nextcloud";
           component = "database";
         };
 
-        spec = {
+        template = {
-          selector.matchLabels = {
+          metadata.labels = {
             app = "nextcloud";
             component = "database";
           };
 
-          template = {
+          spec = {
-            metadata.labels = {
+            containers.postgres = {
-              app = "nextcloud";
+              image = "postgres:15";
-              component = "database";
+              imagePullPolicy = "IfNotPresent";
-            };
+              ports.postgres.containerPort = 5432;
 
-            spec = {
+              env = {
-              containers.postgres = {
+                POSTGRES_DB.value = "nextcloud";
-                image = "postgres:15";
+                POSTGRES_USER.value = "nextcloud";
-                imagePullPolicy = "IfNotPresent";
+                PGDATA.value = "/pgdata/data";
-                ports.postgres.containerPort = 5432;
-                envFrom = [{ configMapRef.name = "nextcloud-db-env"; }];
 
-                volumeMounts = [{
+                POSTGRES_PASSWORD.valueFrom.secretKeyRef = {
-                  name = "data";
+                  name = "database";
-                  mountPath = "/pgdata";
+                  key = "databasePassword";
-                }];
+                };
               };
 
-              volumes.data.persistentVolumeClaim.claimName = "nextcloud-db";
+              volumeMounts = [{
+                name = "database";
+                mountPath = "/pgdata";
+              }];
             };
+
+            volumes.database.persistentVolumeClaim.claimName = "database";
           };
         };
       };
     };
 
     services = {
-      nextcloud.spec = {
+      server.spec = {
         selector = {
           app = "nextcloud";
-          component = "website";
+          component = "server";
         };
 
         ports.web = {
@@ -133,7 +119,7 @@
         };
       };
 
-      nextcloud-db.spec = {
+      database.spec = {
         selector = {
           app = "nextcloud";
           component = "database";
@@ -148,13 +134,25 @@
   };
 
   lab = {
-    ingresses.nextcloud = {
+    ingresses.web = {
       host = "cloud.kun.is";
 
       service = {
-        name = "nextcloud";
+        name = "server";
         portName = "web";
       };
     };
+
+    longhorn.persistentVolumeClaim = {
+      data = {
+        volumeName = "nextcloud";
+        storage = "50Gi";
+      };
+
+      database = {
+        volumeName = "nextcloud-db";
+        storage = "400Mi";
+      };
+    };
   };
 }

kubenix-modules/volumes.nix

@@ -17,8 +17,6 @@
       hedgedoc-uploads.storage = "50Mi";
       hedgedoc-db.storage = "100Mi";
       minecraft.storage = "1Gi";
-      nextcloud.storage = "50Gi";
-      nextcloud-db.storage = "400Mi";
       pihole-data.storage = "750Mi";
       pihole-dnsmasq.storage = "16Mi";
       forgejo.storage = "20Gi";
@@ -45,6 +43,8 @@
       radicale.storage = "200Mi";
       atuin.storage = "300Mi";
       atuin-db.storage = "300Mi";
+      nextcloud.storage = "50Gi";
+      nextcloud-db.storage = "400Mi";
     };
 
     nfsVolumes = {