From 709e4b25d7e6db79320ff777b736782b07e26e9c Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Wed, 27 Mar 2024 21:20:22 +0100 Subject: [PATCH] move freshrss to kubernetes --- docker_swarm/playbooks/stacks.yml | 1 - docker_swarm/roles/freshrss/tasks/main.yml | 2 ++ .../roles/traefik/docker-stack.yml.j2 | 10 +++---- nix/flake/kubenix/default.nix | 2 +- nix/flake/kubenix/freshrss.nix | 29 ++++++++++++++----- 5 files changed, 29 insertions(+), 15 deletions(-) diff --git a/docker_swarm/playbooks/stacks.yml b/docker_swarm/playbooks/stacks.yml index ced4d6c..862a97a 100644 --- a/docker_swarm/playbooks/stacks.yml +++ b/docker_swarm/playbooks/stacks.yml @@ -3,7 +3,6 @@ hosts: manager roles: - {role: traefik, tags: traefik} - - {role: freshrss, tags: freshrss} - {role: forgejo, tags: forgejo} - {role: radicale, tags: radicale} - {role: hedgedoc, tags: hedgedoc} diff --git a/docker_swarm/roles/freshrss/tasks/main.yml b/docker_swarm/roles/freshrss/tasks/main.yml index ac6c8bd..fbc7306 100644 --- a/docker_swarm/roles/freshrss/tasks/main.yml +++ b/docker_swarm/roles/freshrss/tasks/main.yml @@ -1,3 +1,5 @@ +- debug: + msg: "{{ admin_password }}" - name: Deploy Docker stack docker_stack: name: freshrss diff --git a/docker_swarm/roles/traefik/docker-stack.yml.j2 b/docker_swarm/roles/traefik/docker-stack.yml.j2 index f339291..af985fa 100644 --- a/docker_swarm/roles/traefik/docker-stack.yml.j2 +++ b/docker_swarm/roles/traefik/docker-stack.yml.j2 @@ -61,11 +61,11 @@ services: - traefik.http.routers.cyberchef.tls=true - traefik.http.routers.cyberchef.tls.certresolver=letsencrypt - - traefik.http.routers.freshrss-k3s.entrypoints=websecure - - traefik.http.routers.freshrss-k3s.service=k3s@file - - traefik.http.routers.freshrss-k3s.rule=Host(`freshrss.k3s.kun.is`) - - traefik.http.routers.freshrss-k3s.tls=true - - traefik.http.routers.freshrss-k3s.tls.certresolver=letsencrypt + - traefik.http.routers.freshrss.entrypoints=websecure + - traefik.http.routers.freshrss.service=k3s@file + - traefik.http.routers.freshrss.rule=Host(`rss.kun.is`) + - traefik.http.routers.freshrss.tls=true + - traefik.http.routers.freshrss.tls.certresolver=letsencrypt volumes: - type: bind source: /var/run/docker.sock diff --git a/nix/flake/kubenix/default.nix b/nix/flake/kubenix/default.nix index 3157a6d..0312680 100644 --- a/nix/flake/kubenix/default.nix +++ b/nix/flake/kubenix/default.nix @@ -7,7 +7,7 @@ imports = [ kubenix.modules.k8s kubenix.modules.helm - # ./freshrss.nix + ./freshrss.nix ./cyberchef.nix ]; kubernetes.kubeconfig = "~/.kube/config"; diff --git a/nix/flake/kubenix/freshrss.nix b/nix/flake/kubenix/freshrss.nix index 62d8b08..648121c 100644 --- a/nix/flake/kubenix/freshrss.nix +++ b/nix/flake/kubenix/freshrss.nix @@ -9,12 +9,6 @@ secrets.freshrss.stringData.adminPassword = "ref+file:///home/pim/.config/home/vals.yaml"; - persistentVolumeClaims.freshrss.spec = { - accessModes = [ "ReadWriteOnce" ]; - storageClassName = "local-path"; - resources.requests.storage = "1Mi"; - }; - deployments.freshrss = { metadata.labels.app = "freshrss"; @@ -27,16 +21,17 @@ spec = { containers.freshrss = { image = "freshrss/freshrss:edge"; + envFrom = [{ configMapRef.name = "freshrss"; }]; ports = [{ containerPort = 80; protocol = "TCP"; }]; - envFrom = [{ configMapRef.name = "freshrss"; }]; env = [ { name = "ADMIN_PASSWORD"; + valueFrom.secretKeyRef = { name = "freshrss"; key = "adminPassword"; @@ -44,6 +39,7 @@ } { name = "ADMIN_API_PASSWORD"; + valueFrom.secretKeyRef = { name = "freshrss"; key = "adminPassword"; @@ -66,6 +62,23 @@ }; }; + persistentVolumes.freshrss.spec = { + capacity.storage = "1Mi"; + accessModes = [ "ReadWriteMany" ]; + + nfs = { + server = "lewis.hyp"; + path = "/mnt/data/nfs/freshrss/data"; + }; + }; + + persistentVolumeClaims.freshrss.spec = { + accessModes = [ "ReadWriteMany" ]; + storageClassName = ""; + resources.requests.storage = "1Mi"; + volumeName = "freshrss"; + }; + services.freshrss.spec = { selector.app = "freshrss"; @@ -80,7 +93,7 @@ ingressClassName = "traefik"; rules = [{ - host = "freshrss.k3s.kun.is"; + host = "rss.kun.is"; http.paths = [{ path = "/";