From 7326dfd9e98cff899bb34e7b1052373ffd7c55db Mon Sep 17 00:00:00 2001
From: Pim Kunis <pim@kunis.nl>
Date: Mon, 20 May 2024 19:33:50 +0200
Subject: [PATCH] Move Freshrss to longhorn

---
 docs/longhorn.md               |  5 ++++-
 kubenix-modules/freshrss.nix   | 12 +++++++++---
 nixos-modules/data-sharing.nix |  3 ---
 3 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/docs/longhorn.md b/docs/longhorn.md
index 6b73bb9..24e854c 100644
--- a/docs/longhorn.md
+++ b/docs/longhorn.md
@@ -28,6 +28,7 @@
    ```
 5. Use `kubectl cp` to copy the data from the local disk to the pod.
 6. Delete the temporary pod.
+7. Be sure to set the group ownership of the mount to the correct GID.
 7. Create the workload with updated volume mounts.
 8. Delete the data from local disk.
 
@@ -45,7 +46,9 @@ Follow these actions to create a Volume:
 1. Using the Longhorn web UI, create a new Longhorn volume, keeping the following in mind:
      - The size can be some more than what we expect to reasonable use. We use storage-overprovisioning, so the total size of volumes can exceed real disk size.
      - The number of replicas should be 2.
-2. Create the PV, PVC and workload as usual.
+2. Enable the "backup-nfs" recurring job for the Longhorn volume.
+3. Disable the "default" recurring job group for the Longhorn volume.
+4. Create the PV, PVC and workload as usual.
 
 ## Disaster recovery using Longhorn backups
 
diff --git a/kubenix-modules/freshrss.nix b/kubenix-modules/freshrss.nix
index 57bb8ae..9d36ffd 100644
--- a/kubenix-modules/freshrss.nix
+++ b/kubenix-modules/freshrss.nix
@@ -19,8 +19,6 @@
           metadata.labels.app = "freshrss";
 
           spec = {
-            volumes.data.persistentVolumeClaim.claimName = "freshrss";
-
             containers.freshrss = {
               # TODO: pin this to a release when a new one is released.
               image = "freshrss/freshrss:edge";
@@ -44,6 +42,13 @@
                 mountPath = "/var/www/FreshRSS/data";
               }];
             };
+
+            volumes.data.persistentVolumeClaim.claimName = "freshrss";
+
+            securityContext = {
+              fsGroup = 33;
+              fsGroupChangePolicy = "OnRootMismatch";
+            };
           };
         };
       };
@@ -60,10 +65,11 @@
   };
 
   lab = {
-    nfsVolumes.freshrss.path = "freshrss/data";
+    longhornVolumes.freshrss.storage = "400Mi";
 
     ingresses.freshrss = {
       host = "rss.kun.is";
+      entrypoint = "localsecure";
 
       service = {
         name = "freshrss";
diff --git a/nixos-modules/data-sharing.nix b/nixos-modules/data-sharing.nix
index 1afd643..b6cc012 100644
--- a/nixos-modules/data-sharing.nix
+++ b/nixos-modules/data-sharing.nix
@@ -5,11 +5,8 @@ let
   nfsShares = [
     "/nextcloud/data"
     "/radicale"
-    "/freshrss/data"
-    "/freshrss/extensions"
     "/pihole/data"
     "/pihole/dnsmasq"
-    "/hedgedoc/uploads"
     "/traefik/acme"
     "/forgejo/data"
     "/forgejo/runner/data"