home/nixos-servers
home/nixos-servers
2
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions

Add Atuin service

Browse source
This commit is contained in:
Pim Kunis 2024-06-12 23:14:55 +02:00
parent dc73a0bf2c
commit 5ca2b6f473
4 changed files with 107 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
kubenix-modules/all.nix
View file

@ -17,6 +17,7 @@ let
./dnsmasq.nix
./blog.nix
./attic.nix
./atuin.nix
# ./argo.nix
# ./minecraft.nix
];

99
kubenix-modules/atuin.nix Normal file
View file

@ -0,0 +1,99 @@
{
kubernetes.resources = {
secrets.atuin.stringData = {
databasePassword = "ref+sops://secrets/sops.yaml#/atuin/databasePassword";
databaseURL = "ref+sops://secrets/sops.yaml#/atuin/databaseURL";
};
deployments.atuin = {
metadata.labels.app = "atuin";
spec = {
selector.matchLabels.app = "atuin";
strategy = {
type = "RollingUpdate";
rollingUpdate = {
maxSurge = 0;
maxUnavailable = 1;
};
};
template = {
metadata.labels.app = "atuin";
spec = {
volumes = {
data.persistentVolumeClaim.claimName = "atuin";
db.persistentVolumeClaim.claimName = "atuin-db";
};
containers = {
atuin = {
image = "ghcr.io/atuinsh/atuin:18.3.0";
imagePullPolicy = "Always";
ports.web.containerPort = 8888;
args = [ "server" "start" ];
env = {
ATUIN_HOST.value = "0.0.0.0";
ATUIN_PORT.value = "8888";
ATUIN_OPEN_REGISTRATION.value = "false";
ATUIN_DB_URI.valueFrom.secretKeyRef = {
name = "atuin";
key = "databaseURL";
};
};
volumeMounts = [{
name = "data";
mountPath = "/config";
}];
};
database = {
image = "postgres:14";
ports.web.containerPort = 5432;
env = {
POSTGRES_DB.value = "atuin";
POSTGRES_USER.value = "atuin";
POSTGRES_PASSWORD.valueFrom.secretKeyRef = {
name = "atuin";
key = "databasePassword";
};
};
volumeMounts = [{
name = "db";
mountPath = "/var/lib/postgresql/data";
}];
};
};
};
};
};
};
services.atuin.spec = {
selector.app = "atuin";
ports.web = {
port = 80;
targetPort = "web";
};
};
};
lab.ingresses.atuin = {
host = "atuin.kun.is";
service = {
name = "atuin";
portName = "web";
};
};
}

2
kubenix-modules/volumes.nix
View file

@ -26,6 +26,8 @@
attic.storage = "15Gi";
attic-db.storage = "150Mi";
immich-test.storage = "10Gi";
atuin.storage = "600Mi";
atuin-db.storage = "100Mi";
};
nfsVolumes = {

7
secrets/sops.yaml
View file

@ -20,6 +20,9 @@ attic:
jwtToken: ENC[AES256_GCM,data:bEf5v8KhIgyKqyjYOzBmJrZ71GagXqOTH+I3J0Iu+Q3X6XUbGxjwW5/RT3AuJAJ+Owp1Uyk26FmEuurYChG13rBWZ0R85MeMBb2sZ/Q22TXeBxRwzq4Izg==,iv:VlIhxGE8I8W+UFyDLnhUxDzf/us95H86V2FLbsKMSGw=,tag:ynz5eNuxkAl35qzcDNzoAw==,type:str]
databaseURL: ENC[AES256_GCM,data:GZcr8hRVIDwhKKwzHygydXAuJpQjKjN95GK+oqb33QgS5HW647+J5wGXxYan9II6iC0N3oSi36cJIkwIjLr9SJhRcjCkdsCZfNrGmT+F9SqUIi8=,iv:HerbEz1oPCE1F1etWHpFkSvulGRU97KPTcrZauIZQNM=,tag:/UXgWvnmCexvxwQONnmATg==,type:str]
databasePassword: ENC[AES256_GCM,data:AZXZyNJ6tGG3OU9CgC+bj43471Q=,iv:DoTSTIMLFi1+U7lvkix+QM8tP1tR0TtxuZRKlBneYek=,tag:+zk8TJRUzk9tNYXGLWIN2w==,type:str]
atuin:
databaseURL: ENC[AES256_GCM,data:sE9zT6iwrsZB42nGd3fQtdIJqW/QE1qqgBtqHRsNfqm1+0Pvhc9VwIP9wchHlL7n030iRE8=,iv:pAXhb+W5FrWZabgULdMtosdvA7KAQJ2D5nqLUzLax9M=,tag:l8C8yj+m8Ic97qbHAsA2vg==,type:str]
databasePassword: ENC[AES256_GCM,data:Xyrn5LYgQ0/XvoHwAqKe9EPQxNk=,iv:wN5msdAPuVxMCkGYKag+Ppj65rQCHHjNwDH17+HTPVs=,tag:M1rjzLsEqJ9qe24RQs+FMA==,type:str]
sops:
kms: []
gcp_kms: []
@ -44,8 +47,8 @@ sops:
cHJRZWpDdWZlSnh3Qm1GZ28vZ0p0ZjAK7+BS6YQ2cUD21XCISBeNLSUNgNFQfSKI
zL/AAqsVoBTrEs7s9fxmWmVm21/M3ZTYfU6Z6gIr6YEWe1pehRd6ZQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-25T15:16:16Z"
mac: ENC[AES256_GCM,data:YMLsRN83mAm+nwi4tgEXHb2TPOel35/q3wLaxhv8lk+yPBiYra+oyGs/dlr6IgTtAGvjN9DM7Uvxng14Ya3l/NHx8ZpmArsnInAqmc4NRfowgB6ITuL4q4eU/XJjfuQNGl3xrrwgAZQJo8UGNc+mEmQMaykAvl03N5WMVaqFyQ0=,iv:SseCh1H76cwjvYD+Mqg/eMt9vJq0BLAhvMftoa8a+mc=,tag:Ochp8CYbtuSJCjdHvhoY3A==,type:str]
lastmodified: "2024-06-12T20:30:18Z"
mac: ENC[AES256_GCM,data:isinf4VigAI6UMTbaTxD/OxQSftK+EC5sJ4Kx8S1yOAmi1RPaKwpHLlrTq4Ah1beF91Q6BonObYyx3viJ0wq0KWnL+U064RBmFiQlHR7XeIzGv/YJA1jrqWI0VKMpG8cQkHtQf1LI1HsHI3SUw53reHAMX+5m+YkIz+mRNYWxoE=,iv:gCG0Ww2Fm/C4HOKYUqTCm9plt+DscWQWwvnpMAg614Q=,tag:a6s1pl5voaONf507XpGZbQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1