move freshrss to kubernetes

docker_swarm/playbooks/stacks.yml

@@ -3,7 +3,6 @@
   hosts: manager
   roles:
     - {role: traefik, tags: traefik}
-    - {role: freshrss, tags: freshrss}
     - {role: forgejo, tags: forgejo}
     - {role: radicale, tags: radicale}
     - {role: hedgedoc, tags: hedgedoc}

docker_swarm/roles/freshrss/tasks/main.yml

@@ -1,3 +1,5 @@
+- debug:
+    msg: "{{ admin_password }}"
 - name: Deploy Docker stack
   docker_stack:
     name: freshrss

docker_swarm/roles/traefik/docker-stack.yml.j2

@@ -61,11 +61,11 @@ services:
         - traefik.http.routers.cyberchef.tls=true
         - traefik.http.routers.cyberchef.tls.certresolver=letsencrypt
 
-        - traefik.http.routers.freshrss-k3s.entrypoints=websecure
+        - traefik.http.routers.freshrss.entrypoints=websecure
-        - traefik.http.routers.freshrss-k3s.service=k3s@file
+        - traefik.http.routers.freshrss.service=k3s@file
-        - traefik.http.routers.freshrss-k3s.rule=Host(`freshrss.k3s.kun.is`)
+        - traefik.http.routers.freshrss.rule=Host(`rss.kun.is`)
-        - traefik.http.routers.freshrss-k3s.tls=true
+        - traefik.http.routers.freshrss.tls=true
-        - traefik.http.routers.freshrss-k3s.tls.certresolver=letsencrypt
+        - traefik.http.routers.freshrss.tls.certresolver=letsencrypt
     volumes:
       - type: bind
         source: /var/run/docker.sock

nix/flake/kubenix/default.nix

@@ -7,7 +7,7 @@
         imports = [
           kubenix.modules.k8s
           kubenix.modules.helm
-          # ./freshrss.nix
+          ./freshrss.nix
           ./cyberchef.nix
         ];
         kubernetes.kubeconfig = "~/.kube/config";

nix/flake/kubenix/freshrss.nix

@@ -9,12 +9,6 @@
 
     secrets.freshrss.stringData.adminPassword = "ref+file:///home/pim/.config/home/vals.yaml";
 
-    persistentVolumeClaims.freshrss.spec = {
-      accessModes = [ "ReadWriteOnce" ];
-      storageClassName = "local-path";
-      resources.requests.storage = "1Mi";
-    };
-
     deployments.freshrss = {
       metadata.labels.app = "freshrss";
 
@@ -27,16 +21,17 @@
           spec = {
             containers.freshrss = {
               image = "freshrss/freshrss:edge";
+              envFrom = [{ configMapRef.name = "freshrss"; }];
 
               ports = [{
                 containerPort = 80;
                 protocol = "TCP";
               }];
 
-              envFrom = [{ configMapRef.name = "freshrss"; }];
               env = [
                 {
                   name = "ADMIN_PASSWORD";
+
                   valueFrom.secretKeyRef = {
                     name = "freshrss";
                     key = "adminPassword";
@@ -44,6 +39,7 @@
                 }
                 {
                   name = "ADMIN_API_PASSWORD";
+
                   valueFrom.secretKeyRef = {
                     name = "freshrss";
                     key = "adminPassword";
@@ -66,6 +62,23 @@
       };
     };
 
+    persistentVolumes.freshrss.spec = {
+      capacity.storage = "1Mi";
+      accessModes = [ "ReadWriteMany" ];
+
+      nfs = {
+        server = "lewis.hyp";
+        path = "/mnt/data/nfs/freshrss/data";
+      };
+    };
+
+    persistentVolumeClaims.freshrss.spec = {
+      accessModes = [ "ReadWriteMany" ];
+      storageClassName = "";
+      resources.requests.storage = "1Mi";
+      volumeName = "freshrss";
+    };
+
     services.freshrss.spec = {
       selector.app = "freshrss";
 
@@ -80,7 +93,7 @@
       ingressClassName = "traefik";
 
       rules = [{
-        host = "freshrss.k3s.kun.is";
+        host = "rss.kun.is";
 
         http.paths = [{
           path = "/";