From 3fcbbfa8c28bca82bde152ee9709570bcf9afea2 Mon Sep 17 00:00:00 2001
From: Pim Kunis <pim@kunis.nl>
Date: Sun, 14 Jul 2024 14:14:08 +0200
Subject: [PATCH] feat(atuin): Move to separate k8s namespace

---
 README.md                   |   1 +
 flake-parts/kubenix.nix     |   2 +
 kubenix-modules/all.nix     |   1 -
 kubenix-modules/atuin.nix   | 134 +++++++++++++++++++-----------------
 kubenix-modules/base.nix    |   1 +
 kubenix-modules/volumes.nix |   4 +-
 6 files changed, 78 insertions(+), 65 deletions(-)

diff --git a/README.md b/README.md
index e6264ae..fcf617c 100644
--- a/README.md
+++ b/README.md
@@ -56,6 +56,7 @@ Currently, the applications being deployed like this are:
 - `freshrss`
 - `radicale`
 - `kms`
+- `atuin`
 
 ## Known bugs
 
diff --git a/flake-parts/kubenix.nix b/flake-parts/kubenix.nix
index 2e47c61..470fbb7 100644
--- a/flake-parts/kubenix.nix
+++ b/flake-parts/kubenix.nix
@@ -72,4 +72,6 @@
       "${self}/kubenix-modules/radicale.nix" "radicale" "radicale";
     kubenix.kms = mkDeployScriptAndManifest
       "${self}/kubenix-modules/kms.nix" "kms" "kms";
+    kubenix.atuin = mkDeployScriptAndManifest
+      "${self}/kubenix-modules/atuin.nix" "atuin" "atuin";
   })
diff --git a/kubenix-modules/all.nix b/kubenix-modules/all.nix
index 5b99c5d..67a3363 100644
--- a/kubenix-modules/all.nix
+++ b/kubenix-modules/all.nix
@@ -13,7 +13,6 @@ let
     ./dnsmasq.nix
     ./blog.nix
     ./attic.nix
-    ./atuin.nix
     ./immich.nix
     # ./argo.nix
     # ./minecraft.nix
diff --git a/kubenix-modules/atuin.nix b/kubenix-modules/atuin.nix
index ccbaea8..cea3eb6 100644
--- a/kubenix-modules/atuin.nix
+++ b/kubenix-modules/atuin.nix
@@ -1,84 +1,80 @@
 {
   kubernetes.resources = {
-    secrets.atuin.stringData = {
+    secrets.database.stringData = {
       databasePassword = "ref+sops://secrets/kubernetes.yaml#/atuin/databasePassword";
       databaseURL = "ref+sops://secrets/kubernetes.yaml#/atuin/databaseURL";
     };
 
-    deployments.atuin = {
-      metadata.labels.app = "atuin";
+    deployments.server.spec = {
+      selector.matchLabels.app = "atuin";
 
-      spec = {
-        selector.matchLabels.app = "atuin";
+      strategy = {
+        type = "RollingUpdate";
 
-        strategy = {
-          type = "RollingUpdate";
-
-          rollingUpdate = {
-            maxSurge = 0;
-            maxUnavailable = 1;
-          };
+        rollingUpdate = {
+          maxSurge = 0;
+          maxUnavailable = 1;
         };
+      };
 
-        template = {
-          metadata.labels.app = "atuin";
+      template = {
+        metadata.labels.app = "atuin";
 
-          spec = {
-            volumes = {
-              data.persistentVolumeClaim.claimName = "atuin";
-              db.persistentVolumeClaim.claimName = "atuin-db";
+        spec = {
+          volumes = {
+            data.persistentVolumeClaim.claimName = "data";
+            database.persistentVolumeClaim.claimName = "database";
+          };
+
+          containers = {
+            atuin = {
+              image = "ghcr.io/atuinsh/atuin:18.3.0";
+              imagePullPolicy = "Always";
+              ports.web.containerPort = 8888;
+              args = [ "server" "start" ];
+
+              env = {
+                ATUIN_HOST.value = "0.0.0.0";
+                ATUIN_PORT.value = "8888";
+                ATUIN_OPEN_REGISTRATION.value = "false";
+
+                ATUIN_DB_URI.valueFrom.secretKeyRef = {
+                  name = "database";
+                  key = "databaseURL";
+                };
+              };
+
+              volumeMounts = [{
+                name = "data";
+                mountPath = "/config";
+              }];
             };
 
-            containers = {
-              atuin = {
-                image = "ghcr.io/atuinsh/atuin:18.3.0";
-                imagePullPolicy = "Always";
-                ports.web.containerPort = 8888;
-                args = [ "server" "start" ];
+            database = {
+              image = "postgres:14";
+              ports.web.containerPort = 5432;
 
-                env = {
-                  ATUIN_HOST.value = "0.0.0.0";
-                  ATUIN_PORT.value = "8888";
-                  ATUIN_OPEN_REGISTRATION.value = "false";
+              env = {
+                POSTGRES_DB.value = "atuin";
+                POSTGRES_USER.value = "atuin";
 
-                  ATUIN_DB_URI.valueFrom.secretKeyRef = {
-                    name = "atuin";
-                    key = "databaseURL";
-                  };
+                POSTGRES_PASSWORD.valueFrom.secretKeyRef = {
+                  name = "database";
+                  key = "databasePassword";
                 };
-
-                volumeMounts = [{
-                  name = "data";
-                  mountPath = "/config";
-                }];
               };
 
-              database = {
-                image = "postgres:14";
-                ports.web.containerPort = 5432;
-
-                env = {
-                  POSTGRES_DB.value = "atuin";
-                  POSTGRES_USER.value = "atuin";
-
-                  POSTGRES_PASSWORD.valueFrom.secretKeyRef = {
-                    name = "atuin";
-                    key = "databasePassword";
-                  };
-                };
-
-                volumeMounts = [{
-                  name = "db";
-                  mountPath = "/var/lib/postgresql/data";
-                }];
-              };
+              volumeMounts = [{
+                name = "database";
+                mountPath = "/var/lib/postgresql/data";
+              }];
             };
           };
         };
       };
     };
 
-    services.atuin.spec = {
+    services.server.spec = {
       selector.app = "atuin";
 
       ports.web = {
@@ -88,12 +84,26 @@
     };
   };
 
-  lab.ingresses.atuin = {
-    host = "atuin.kun.is";
+  lab = {
+    ingresses.server = {
+      host = "atuin.kun.is";
 
-    service = {
-      name = "atuin";
-      portName = "web";
+      service = {
+        name = "server";
+        portName = "web";
+      };
+    };
+
+    longhorn.persistentVolumeClaim = {
+      data = {
+        volumeName = "atuin";
+        storage = "300Mi";
+      };
+
+      database = {
+        volumeName = "atuin-db";
+        storage = "300Mi";
+      };
     };
   };
 }
diff --git a/kubenix-modules/base.nix b/kubenix-modules/base.nix
index b44bbf7..a94ef8a 100644
--- a/kubenix-modules/base.nix
+++ b/kubenix-modules/base.nix
@@ -65,6 +65,7 @@
           freshrss = { };
           radicale = { };
           kms = { };
+          atuin = { };
         };
 
         nodes =
diff --git a/kubenix-modules/volumes.nix b/kubenix-modules/volumes.nix
index 7ff68f0..cae1e1a 100644
--- a/kubenix-modules/volumes.nix
+++ b/kubenix-modules/volumes.nix
@@ -36,8 +36,6 @@
       bazarr.storage = "25Mi";
       attic.storage = "15Gi";
       attic-db.storage = "150Mi";
-      atuin.storage = "300Mi";
-      atuin-db.storage = "300Mi";
       immich.storage = "50Gi";
       immich-db.storage = "5Gi";
     };
@@ -45,6 +43,8 @@
     longhorn.persistentVolume = {
       freshrss.storage = "1Gi";
       radicale.storage = "200Mi";
+      atuin.storage = "300Mi";
+      atuin-db.storage = "300Mi";
     };
 
     nfsVolumes = {